In this paper, we present a conceptual modeling approach, which is new in the domain of information systems security risk assessment. The approach is helpful for performing means-end analysis, thereby uncovering the structural origin of security risks in an information system, and how the rootcauses of such risks can be controlled from the early stages of the projects. The approach addresses this limitation of the existing security risk assessment models by exploring the strategic dependencies between the actors of a system, and analyzing the motivations, intents, and rationales behind the different entities and activities constituting the system.

Additional Metadata
Conference 3rd International Workshop on Security in Information Systems, WOSIS 2005, in Conjunction with ICEIS 2005
Citation
Misra, S.C. (Subhas C.), Kumar, V, & Kumar, U. (2005). An approach for modeling information systems security risk assessment. Presented at the 3rd International Workshop on Security in Information Systems, WOSIS 2005, in Conjunction with ICEIS 2005.