http://dx.doi.org/10.14400/JDC.2019.17.1.141

A Study on Developing Framework for Measuring of Security Risk Appetite  

Gim, Gisam (Dept. of Industrial Convergence Security, Chung-Ang University)
Park, Jinsang (Dept. of Convergence Security, Chung-Ang University)
Kim, Jungduk (Dept. of Industrial Security, Chung-Ang University)
Publication Information
Journal of Digital Convergence / v.17, no.1, 2019, pp. 141-148
Abstract
The advancement of digital technology accelerates intelligence and convergence, and demands change beyond traditional methods in all aspects of business models and technologies, infrastructure, processes, and platforms. Risk management is becoming more important because of the various security risks that depend on the changing business environment, and risk management aligned to business goals is emerging from the existing information-asset-based risk management. For business-aligned risk management, it is essential to understand the risk appetite for achieving business goals, which provides a basis for decision-making in subsequent risk management processes. In this paper, we propose a framework for analyzing the risk management framework, pre-existing risk analysis, and protection motivation theory that influences decisions on security risk management. To examine the practical feasibility of the developed risk appetite framework, we reviewed the applicability and significance of the proposed risk appetite framework through an advisory committee composed of security risk management specialists.
Keywords
Risk Management; Risk Appetite; Security Risk Appetite; Risk Appetite Framework; Risk Appetite Measurement;