Izvorni znanstveni članak

HOW TO CALCULATE INFORMATION VALUE FOR EFFECTIVE SECURITY RISK ASSESSMENT

Mario Sajko ; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska
Kornelije Rabuzin orcid.org/0000-0002-0247-669X ; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska
Miroslav Bača ; Fakultet organizacije i informatike Sveučilišta u Zagrebu, Varaždin, Hrvatska

Sažetak

The actual problem of information security (infosec) risk assessment is determining the value of information property or asset. This is particularly manifested through the use of quantitative methodology in which it is necessary to state the information value in quantitative sizes. The aim of this paper is to describe the evaluation possibilities of business information values, and the criteria needed for determining importance of information. For this purpose, the dimensions of information values will be determined and the ways used to present the importance of information contents will be studied. There are two basic approaches that can be used in evaluation: qualitative and quantitative. Often they are combined to determine forms of information content. The proposed criterion is the three-dimension model, which combines the existing experiences (i.e. possible solutions for information value assessment) with our own criteria. An attempt for structuring information value in a business environment will be made as well

Ključne riječi

information value; security risk assessment; information evaluation

Hrčak ID:

20917

URI

https://hrcak.srce.hr/20917

Datum izdavanja:

18.12.2006.

Posjeta: 12.131 *