A comprehensive framework for comparing system security risk assessment methods

With the increasing importance of system security risk assessment, a number of system security risk assessment methods or models have already appeared and more are emerging every day. Therefore it is difficult for organizations to select a method that best suits their requirements. The difficulty of selection drives the need toward a comparative framework to evaluate system security risk assessment methods. In the underlying research-in-progress paper we propose a comprehensive framework for comparing system security assessment methods. Unlike most of the existing comparative framework, the proposed framework covers the whole process of system security risk assessment based on the evaluation criteria of completeness and effectiveness. In our future research, three current system security risk assessment methods will be evaluated using the proposed comparative framework. This framework will highlight the strengths and weaknesses of the methods compared.