A new comprehensive framework for enterprise information security risk management

  • Saleh M
  • Alfantookh A

With the widespread use of e-transactions in enterprises, information security risk management (ISRM) is becoming essential for establishing a safe environment for their activities. This paper presents a comprehensive ISRM framework that enables the effective establishment of the target safe environment. The framework has two structural dimensions and two procedural dimensions. The structural dimensions are the ISRM "scope" and the ISRM "assessment criteria"; the procedural dimensions are the ISRM "process" and the ISRM "assessment tools". For the ISRM scope, the framework uses the comprehensive STOPE (strategy, technology, organization, people, and environment) view, while its assessment criteria are left open to various standards. For the procedural dimensions, the framework uses the widely known six-sigma DMAIC (define, measure, analyze, improve, and control) cycle for the ISRM process, and it allows the use of various assessment tools. It is hoped that the framework will be widely used in the future as an open reference for ISRM.

Author-supplied keywords

  • Enterprise security
  • Information security
  • Risk management
  • STOPE view
  • Six-sigma
