With the widespread use of e-transactions in enterprises, information security risk management (ISRM) is becoming essential for establishing a safe environment for their activities. This paper presents a comprehensive ISRM framework that enables the effective establishment of the target safe environment. The framework has two structural dimensions and two procedural dimensions. The structural dimensions are ISRM "scope" and ISRM "assessment criteria", while the procedural dimensions are ISRM "process" and ISRM "assessment tools". The framework uses the comprehensive STOPE (strategy, technology, organization, people, and environment) view for the ISRM scope, while its assessment criteria are considered to be open to various standards. For the procedural dimensions, the framework uses the widely known six-sigma DMAIC (define, measure, analyze, improve, and control) cycle for the ISRM process, and it considers the use of various assessment tools. It is hoped that the framework will be widely used in the future as an open reference for ISRM.