Study on Architecture-Oriented Information Security Risk Assessment Model

摘要

In this study, we adopt the structure behavior coalescence methodology to construct an architecture-oriented information security risk assessment model (AOISRAM), which is integrated structure and behavior of the risk assessment model. AOISRAM solves many difficulties caused by the process-oriented approach in ISO 27001:2005 of information security risk assessment such as uneven distribution of resources, poor safety performance, and high risk. We find out the information security consultant, project manager are the key roles for the success of the risk assessment from structure behavior coalescence diagram. The feedback mechanism in the enterprise is essential to report and respond to the incidents for reducing the risk. This research achieves a beneficial model and knowledge for the information security risk assessment. This accomplishment may be valuable for the business and academic circles to follow and refer.