{"title":"A proposed taxonomy of assets for information security risk assessment (ISRA)","authors":"Palaniappan Shamala, R. Ahmad","doi":"10.1109/WICT.2014.7077297","DOIUrl":null,"url":null,"abstract":"Information security has become vital because organizations across the globe conduct business in an interconnected and information-rich environment. Hence, organizations seek to eliminate possible risks by conducting information security risk assessment (ISRA). Through ISRA, organizations are able to identify and prioritize information assets and ensure that effective control mechanisms are utilized for high-priority information assets. However, current ISRA methods have critical limitations in that they adopt merely a technical perspective. Currently available ISRA methods operate with a limited view of information assets. The aim of this paper is to propose a taxonomy of assets for ISRA. The presented taxonomy of assets not only guides ISRA practitioners in examining which assets are most important to the organization early in the risk assessment process but also enables them to collect all the needed information associated with assets before and during their actual ISRA implementation. A structured approach following the Webster & Watson guidelines was used to determine the source material for the review. The results show that the limitations in identifying information assets have been discussed separately by various researchers, but none of them has combined all the human-related, non-technical assets under one frame as a taxonomy of assets for ISRA.","PeriodicalId":439852,"journal":{"name":"2014 4th World Congress on Information and Communication Technologies (WICT 2014)","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 4th World Congress on Information and Communication Technologies (WICT 2014)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WICT.2014.7077297","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 8
Abstract
Information security has become vital because organizations across the globe conduct business in an interconnected and information-rich environment. Hence, organizations seek to eliminate possible risks by conducting information security risk assessment (ISRA). Through ISRA, organizations are able to identify and prioritize information assets and ensure that effective control mechanisms are utilized for high-priority information assets. However, current ISRA methods have critical limitations in that they adopt merely a technical perspective. Currently available ISRA methods operate with a limited view of information assets. The aim of this paper is to propose a taxonomy of assets for ISRA. The presented taxonomy of assets not only guides ISRA practitioners in examining which assets are most important to the organization early in the risk assessment process but also enables them to collect all the needed information associated with assets before and during their actual ISRA implementation. A structured approach following the Webster & Watson guidelines was used to determine the source material for the review. The results show that the limitations in identifying information assets have been discussed separately by various researchers, but none of them has combined all the human-related, non-technical assets under one frame as a taxonomy of assets for ISRA.