Approaches to risk assessment in information security: to what extent are the current methodologies in line with the latest thinking in risk science?

Moruwat, Tahmeena Mahmoudi

dc.contributor.advisor	Andersen, Lasse Berg
dc.contributor.author	Moruwat, Tahmeena Mahmoudi
dc.date.accessioned	2023-09-27T15:51:27Z
dc.date.available	2023-09-27T15:51:27Z
dc.date.issued	2023
dc.identifier	no.uis:inspera:137509694:22528296
dc.identifier.uri	https://hdl.handle.net/11250/3092478
dc.description	Full text not available
dc.description.abstract	This thesis aims to address the research problem of assessing the alignment between current methodologies in risk assessment for information security and the latest thinking in risk science. The research question is formulated as such: Approaches to risk assessment in information security: to what extent are the current methodologies in line with the latest thinking in risk science? Additionally, two research questions are formulated to explore the extent to which risk assessment methodologies in information security incorporate risk science principles and how the latest developments in risk science can enhance risk assessment practices in this domain. The primary objective of this study is to investigate the level of integration of risk science in risk assessment processes concerning information security. This objective will be achieved through a comprehensive review of risk science and information security risk assessment methodologies. The study also aims to highlight the potential value that the latest thinking in risk science can bring to information security risk assessment. By conducting a literature review, I have presented and explained the latest developments in risk science and listed the common approaches to information security risk management. Furthermore, by conducting semi-structured interviews this research examines the common approaches and practices to information security risk assessment employed in Norwegian private and public organizations. The study further explores the actors involved in conducting risk assessments, the methods used to conduct information security risk assessments, and the communication strategies applied to communicate the results. This study helps improve our understanding of the importance of comprehensive risk assessment. Through thorough analysis and extensive discussions, the study illuminates the potential to enhance risk assessment in the context of information security through the incorporation of risk science principles. Furthermore, the study has addressed the challenges associated with conducting inadequate risk assessments.
dc.description.abstract
dc.language	eng
dc.publisher	uis
dc.title	Approaches to risk assessment in information security: to what extent are the current methodologies in line with the latest thinking in risk science?
dc.type	Master thesis

Files in this item

Files	Size	Format	View

This item appears in the following Collection(s)

Studentoppgaver (TN-ISØP) [1412]
Master- og bacheloroppgaver i Byutvikling og urban design / Offshore technology : risk management / Risikostyring / Teknologi/Sivilingeniør : industriell økonomi / Teknologi/Sivilingeniør : risikostyring / Teknologi/Sivilingeniør : samfunnssikkerhet

Show simple item record