Information Security Risk Assessment: Towards a Business Practice Perspective
Information Security Risk Assessments (ISRAs) are of great importance for organisations. Current ISRA methods identify an organisation's security risks and provide a measured, analyzed security risk profile of critical information assets in order to build plans to treat risk. However, despite prevalent use in organisations today, current methods adopt a limited view of information assets during risk identification. In the context of day-to-day activities, people copy, print and discuss information, leading to the 'Leakage' of information assets. Employees will create and use unofficial assets as part of their day-to-day routines.