A comprehensive method to assess work system security risk

Surya B. Yadav, Tianxi Dong

Research output: Contribution to journalArticlepeer-review

6 Scopus citations


This article presents a comprehensive method to assess system security risks. The method includes a cohesive set of steps to not only identify a more complete set of security risks but also assess them in a systematic manner. The method is based on the integration of two kinds of models: (1) qualitative models emphasizing security risk factors and security requirement determination and (2) quantitative models that focus on formal evaluation and assessment of system security risks. Unlike most of the existing methods, the proposed method covers the whole process of system security risk assessment spanning all three phases-ascertainment of security requirements, measurement of evidence for security requirements, and evaluation of evidence against the needed security mechanisms. The article extends existing work on system security risk methods by incorporating newideas of multifaceted security view and work system in a coherent set of steps. The article demonstrates the application of the proposed method to a real application and discusses the major results.

Original languageEnglish
Article number8
Pages (from-to)169-198
Number of pages30
JournalCommunications of the Association for Information Systems
Issue number1
StatePublished - 2014


  • Multifaceted work system security requirement
  • Security Risk Assessment Method
  • Security risk assessment
  • Security risk determination
  • Work system security mechanism


Dive into the research topics of 'A comprehensive method to assess work system security risk'. Together they form a unique fingerprint.

Cite this