Publication

Analysis of Information Security Risks and Protection Management Requirements for Enterprise Networks.

Saleh, Mohamed S.M.
Publication Date
2012-04-18
Rights
Creative Commons License
The University of Bradford theses are licenced under a Creative Commons Licence.
Institution
University of Bradford
Department
Department of Computing, School of Computing, Informatics and Media
Awarded
2011
Abstract
With the spread of harmful attacks against enterprises' electronic services, the information security readiness of these enterprises is becoming increasingly important for establishing the safe environment that such services require. Various approaches have been proposed to manage enterprise information security risks and to assess an enterprise's information security readiness. These approaches are, however, not adequate to manage information security risks, as they do not consider all the required information security components of its structural and procedural dimensions. In addition, current assessment approaches lack numerical indicators for assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit when selecting recommended protection measures. This thesis aims to contribute to knowledge by developing a comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches to information security risk management and incorporates the main components of key risk management methodologies. In addition, to support the phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed. The practical evaluation, using the proposed enterprise information security readiness assessment model, was performed with an investigation form that was developed and used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises' information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as a single point of reference for assessing and cost-effectively improving their information security readiness.
Type
Thesis
Qualification name
PhD