Skip to main content

Exiting the risk assessment maze: A meta-survey.

Gritzalis, D., Iseppi, G., Mylonas, A. and Stavrou, V., 2018. Exiting the risk assessment maze: A meta-survey. ACM Computing Surveys, 51 (1), 11.

Full text available as:

PDF (© ACM, 2017. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.)
PDF26990038-515074874.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


DOI: 10.1145/3145905


Organizations are exposed to threats that increase the risk factor of their ICT systems. The assurance of their protection is crucial, as their reliance on information technology is a continuing challenge for both security experts and chief executives. As risk assessment could be a necessary process in an organization, one of its deliverables could be utilized in addressing threats and thus facilitate the development of a security strategy. Given the large number of heterogeneous methods and risk assessment tools that exist, comparison criteria can provide better understanding of their options and characteristics and facilitate the selection of a method that best fits an organization’s needs. This paper aims to address the problem of selecting an appropriate risk assessment method to assess and manage information security risks, by proposing a set of comparison criteria, grouped into 4 categories. Based upon them, it provides a comparison of the 10 popular risk assessment methods that could be utilized by organizations to determine the method that is more suitable for their needs. Finally, a case study is presented to demonstrate the selection of a method based on the proposed criteria

Item Type:Article
Group:Faculty of Science & Technology
ID Code:29834
Deposited By: Symplectic RT2
Deposited On:06 Oct 2017 13:55
Last Modified:14 Mar 2022 14:07


Downloads per month over past year

More statistics for this item...
Repository Staff Only -