Bridging the gap between information security risk assessments and enterprise risk management
Master thesis
Permanent link
http://hdl.handle.net/11250/2565842
Publication date
2018-06
Collections
- Student theses (TN-ISØP) [1441]
Abstract
It is challenging to feed today’s information security risk assessments into an overall ERM framework such that they can be presented to stakeholders and management. This report evaluates current practice for information security risk assessment as represented by IRAM2, which is a recognised methodology. Weaknesses have been revealed in IRAM2 related to its incompatibility with other reporting methods, and in its methods for calculating information risks. Improvements have been proposed both to address the inherent limitations of the methodology and to increase IRAM2’s compatibility with other risk management models.
Description
Master's thesis in Risk management