Asset identification in information security risk assessment: A business practice approach

Shedden, Piya, Ahmad, Atif, Smith, Wally, Tscherning, Heidi and Scheepers, Rens 2016, Asset identification in information security risk assessment: A business practice approach, Communications of the association for information systems, vol. 39, no. 1, pp. 297-320.


Title Asset identification in information security risk assessment: A business practice approach
Author(s) Shedden, Piya
Ahmad, Atif
Smith, Wally
Tscherning, Heidi
Scheepers, Rens
Journal name Communications of the association for information systems
Volume number 39
Issue number 1
Start page 297
End page 320
Total pages 24
Publisher Association for Information Systems
Place of publication Atlanta, Georgia
Publication date 2016-01-01
ISSN 1529-3181
Keyword(s) Information Security
Risk Assessment
ISRA Methodologies
Rich Description Method
Summary Organizations apply information security risk assessment (ISRA) methodologies to systematically and comprehensively identify information assets and related security risks. We review the ISRA literature and identify three key deficiencies in current methodologies that stem from their traditional accountancy-based perspective and a limited view of organizational "assets". In response, we propose a novel rich description method (RDM) that adopts a less formal and more holistic view of information and knowledge assets that exist in modern work environments. We report on an in-depth case study to explore the potential for improved asset identification enabled by the RDM compared to traditional ISRAs. The comparison shows how the RDM addresses the three key deficiencies of current ISRAs by providing: 1) a finer level of granularity for identifying assets, 2) a broader coverage of assets that reflects the informal aspects of business practices, and 3) the identification of critical knowledge assets.
Language eng
Field of Research 150302 Business Information Systems
080699 Information Systems not elsewhere classified
Socio Economic Objective 899999 Information and Communication Services not elsewhere classified
HERDC Research category C1 Refereed article in a scholarly journal
ERA Research output type C Journal article
Copyright notice ©2016, Association for Information Systems
Unless expressly stated otherwise, the copyright for items in DRO is owned by the author, with all rights reserved.

Citation counts: Cited 8 times in TR Web of Science; cited 9 times in Scopus
Access Statistics: 517 Abstract Views, 2 File Downloads
Created: Mon, 28 Nov 2016, 14:46:42 EST
