Security risk assessment refers to the process of identifying, analyzing, and evaluating potential security risks for an organization. An organization’s assets, personnel, and operations are protected through it as part of a comprehensive security program. Various security assessment models have been published in the literature to protect the Saudi organization’s assets, personnel, and operations. However, these models are redundant and were developed for specific purposes. Hence, the comprehensive security risk assessment model used to safeguard Saudi organizations’ assets, personnel, and operations is still omitted. Using a design science methodology, the objective of this study is to develop a comprehensive security risk assessment model called CSRAM to assess security risks in Saudi Arabian organizations based on the International Organization for Standardization and the International Electrotechnical Commission/Information security risk management (ISO/IEC 27005 ISRM) standard. CSRAM is made up of six stages: threat identification, vulnerability assessment, risk analysis, risk evaluation, risk treatment, and monitoring and review of the risk. The stages have many activities and tasks that need to be accomplished at each stage. Based on the results of the validation of the completeness of the CSRAM, we can say that the CSRAM covers the whole ISO/IEC 27005 ISRM standard, and it is complete.
The advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated to some identity, while such data could be exploited to deduce sensitive information about the driver’s health. Therefore, drivers’ privacy must be taken seriously, requiring a dedicated risk assessment framework, as presented in this paper through a double assessment combining the asset-oriented ISO approach with the threat-oriented STRIDE approach. The framework is tailored to the level of specific car brand and demonstrated on the ten top-selling brands as well as, due to its innovative character, Tesla. The two approaches yield different, but complementary findings, demonstrating the additional insights gained through their parallel adoption.