Bridging the gap between information security risk assessments and enterprise risk management
MetadataShow full item record
- Studentoppgaver (TN-ISØP) 
It is challenging to feed today’s information security risk assessments into an overall ERM framework such that it can be presented to stakeholders and management. This report evaluates current practice for information security risk assessment as represented by IRAM2, which is a recognised methodology. Weaknesses have been revealed in IRAM2 related to its incompatibility with other reporting methods, and in its calculation methods of information risks. Improvements have been proposed to the inherent limitations of the methodology, but also how to increase IRAM2’s compatibility with other risk management models.
Master's thesis in Risk management