, A. Ekelhart, S. Fenz:
"AURUM: A Framework for Information Security Risk Management
Vortrag: 42th Hawaii International Conference on System Sciences (HICSS'09), Hawaii; 05.01.2009 - 08.01.2009; in:"Proceedings of the 42th Hawaii International Conference on System Sciences (HICSS'09)
", (2009), S. 1 - 10.
[ Publication Database
As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are highly accepted but demand very detailed knowledge about the IT security domain and the actual company environment. This paper presents AURUM - a new methodology for supporting the NIST SP 800-30 risk management standard - and provides a comparison with the GSTool and CRISAM in order to highlight the benefits decision makers may expect when using AURUM.