A Business Process-Based Risk Evaluation Framework
To capture the essence of information system risk evaluation and improve its effectiveness, this paper proposes a business process-based information system risk evaluation framework, developed after analyzing current risk evaluation methods. The framework begins by describing the business process from an information security perspective and then analyzes and assesses the business activities. It introduces a risk-control evaluation of business activities and comprehensively evaluates the optional security control measures so as to ensure the security of business activities. Because the framework focuses on business process activities, information system assets and their vulnerabilities and threats are associated, and evaluation of isolated and meaningless assets is avoided.
Ran Chen and Wenli Yao
Z. W. Yu, "A Business Process-Based Risk Evaluation Framework", Advanced Materials Research, Vols. 230-232, pp. 1024-1028, 2011