Security risk assessment refers to the process of identifying, analyzing, and evaluating potential security risks for an organization. An organization’s assets, personnel, and operations are protected through it as p...Security risk assessment refers to the process of identifying, analyzing, and evaluating potential security risks for an organization. An organization’s assets, personnel, and operations are protected through it as part of a comprehensive security program. Various security assessments models have been published in the literature to protect the Saudi organization’s assets, personnel, and operations. However, these models are redundant and were developed for specific purposes. Hence, the comprehensive security risk assessment model used to safeguard Saudi organizations’ assets, personnel, and operations is still omitted. Using a design science methodology, the objective of this study is to develop a comprehensive security risk assessment model called CSRAM to assess security risks in Saudi Arabian organizations based on the International Organization for Standardization and the International Electrotechnical Commission/Information security risk management (ISO/IEC 27005 ISRM) standard. CSRAM is made up of six stages: threat identification, vulnerability assessment, risk analysis, risk evaluation, risk treatment, and monitoring and review of the risk. The stages have many activities and tasks that need to be accomplished at each stage. Based on the results of the validation of the completeness of the CSRAM, we can say that the CSRAM covers the whole ISO/IEC 27005 ISRM standard, and it is complete.展开更多
文摘Security risk assessment refers to the process of identifying, analyzing, and evaluating potential security risks for an organization. An organization’s assets, personnel, and operations are protected through it as part of a comprehensive security program. Various security assessments models have been published in the literature to protect the Saudi organization’s assets, personnel, and operations. However, these models are redundant and were developed for specific purposes. Hence, the comprehensive security risk assessment model used to safeguard Saudi organizations’ assets, personnel, and operations is still omitted. Using a design science methodology, the objective of this study is to develop a comprehensive security risk assessment model called CSRAM to assess security risks in Saudi Arabian organizations based on the International Organization for Standardization and the International Electrotechnical Commission/Information security risk management (ISO/IEC 27005 ISRM) standard. CSRAM is made up of six stages: threat identification, vulnerability assessment, risk analysis, risk evaluation, risk treatment, and monitoring and review of the risk. The stages have many activities and tasks that need to be accomplished at each stage. Based on the results of the validation of the completeness of the CSRAM, we can say that the CSRAM covers the whole ISO/IEC 27005 ISRM standard, and it is complete.
