Information Security Risk: Methods for Assessment and Representation
Security risk assessment is a fundamental element of security management in organisations because it forms the basis for understanding an organisation's threat and risk exposure, and for defining goals and budgets for the implementation and operation of security controls. It is therefore important that organisations use adequate methods for assessing and representing risk. There exist various methods for risk estimation, where each method has its advantages and disadvantages with regard to the assessment and interpretation of input parameters, the estimation method itself, and the representation and interpretation of the output risk levels. This Master project focuses on comparing a set of prominent methods with regard to their qualities in terms of assessment, representation and interpretation of security risk. The project can also include suggestions for improvements in risk assessment methods in order to increase the clarity in interpretation and perception of security risk.