Approaches to risk assessment in information security: to what extent are the current methodologies in line with the latest thinking in risk science?
Master thesis
Permanent link
https://hdl.handle.net/11250/3092478
Publication date
2023
Collections
- Student theses (TN-ISØP) [1410]
Description
Full text not available
Abstract
This thesis aims to address the research problem of assessing the alignment between current methodologies in risk assessment for information security and the latest thinking in risk science. The research question is formulated as follows: Approaches to risk assessment in information security: to what extent are the current methodologies in line with the latest thinking in risk science? Additionally, two research questions are formulated to explore the extent to which risk assessment methodologies in information security incorporate risk science principles and how the latest developments in risk science can enhance risk assessment practices in this domain.
The primary objective of this study is to investigate the level of integration of risk science in risk assessment processes concerning information security. This objective will be achieved through a comprehensive review of risk science and information security risk assessment methodologies. The study also aims to highlight the potential value that the latest thinking in risk science can bring to information security risk assessment.
By conducting a literature review, I have presented and explained the latest developments in risk science and listed the common approaches to information security risk management. Furthermore, by conducting semi-structured interviews, this research examines the common approaches and practices to information security risk assessment employed in Norwegian private and public organizations. The study further explores the actors involved in conducting risk assessments, the methods used to conduct information security risk assessments, and the communication strategies applied to communicate the results.
This study helps improve our understanding of the importance of comprehensive risk assessment. Through thorough analysis and extensive discussions, the study illuminates the potential to enhance risk assessment in the context of information security through the incorporation of risk science principles. Furthermore, the study has addressed the challenges associated with conducting inadequate risk assessments.