Risk Assessment Framework (RAF)
Main Article Content
Abstract
Today’s business is very much dependent on the information systems. Computer networks have transferred our life into a fast and
comfortable one but at the same time, it has posed various threats to the existing information system due to open accessibility. Any information asset,
when connected to the outside world, is vulnerable to attacks. The attacks are mainly caused by threats that have the potential to exploit
vulnerabilities. Any type of damage to these assets causes risk and it is one of the most important factors to the organization. The risk of malicious
attacks to the software security has considerably gone up and to prevent such risk is very necessary. The maxim ‘sooner is better’ has become the
order of the day. Hence, this study was undertaken in view of the significance of risk assessment in the requirements phase of SDLC. In the absence
of any roadmap/process/framework, in this paper, we hereby propose Risk Assessment Framework (RAF) for assessing the risk in the requirements
phase itself along with validation results. This framework has three major components: nine security policies checklists, weightage for the attributes
of each policy and quantified risk estimation. Such a framework may prove to be relevant at mitigation of security vulnerabilities, right from the
beginning i.e. requirements phase and lead to considerable reduction of cost in terms of software security assurance.
Keywords: Risk Assessment, Risk Assessment Framework, Information Security, Quantitative Assessment of Risk.
Downloads
Article Details
COPYRIGHT
Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.