Izvorni znanstveni članak
HOW TO CALCULATE INFORMATION VALUE FOR EFFECTIVE SECURITY RISK ASSESSMENT
Mario Sajko
; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska
Kornelije Rabuzin
orcid.org/0000-0002-0247-669X
; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska
Miroslav Bača
; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska
Sažetak
The actual problem of information security (infosec) risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment) with our own criteria. An attempt for structuring information value in a business environment will be made as well
Ključne riječi
information value; security risk assessment; information evaluation
Hrčak ID:
20917
URI
Datum izdavanja:
18.12.2006.
Posjeta: 12.781 *