【正文】 hood ., probability that a security event will occur ., that a vulnerability will be exploited multiplied by the expected moary loss of such an event risk probability * expected loss. This output is used to pute a costbenefit analysis of implementing security safeguards that will reduce risk to an acceptable level ., Pfleeger and Pfleeger, 2020。 Kolokotronis et al, 2020。 Humphreys et al., 1998 p. 49。 Barrese and Scordis, 2020。6 suggests future areas of research, followed by a conclusion in 167。s benefits. 167。3 describes the traditional risk analysis method, along with its strengths and limitations. Next, a holistic risk analysis method is proposed in 167。一個識別信息安全風險的整體風險分析方法外文翻譯 畢業(yè)論文外文翻譯 原文 A HOLISTIC RISK ANALYSIS METHOD FOR DENTIFYING INFORMATION ECURITY RISK Janine L. Spears The Pennsylvania State University, Smeal College of Business, University Park, PA 16802 Abstract: Risk analysis is used during the planning of information security to identify security requirements, and is also often used to determine the economic feasibility of security safeguards. The traditional method of conducting a risk analysis is technologydriven and has several shortings. First, its focus on technology is at the detriment of considering people and processes as significant sources of security risk. Second, an analysis driven by technical assets can be overly timeconsuming and costly. Third, the traditional risk analysis method employs calculations based largely on guesswork to estimate probability and financial loss of a security breach. Finally, an ITcentric approach to security risk analysis does not involve business users to the extent necessary to identify a prehensive set of risks, or to promote security awareness throughout an anization. This paper proposes an alternative, holistic method to conducting risk analysis. A holistic risk analysis, as defined in this paper, is one that attempts to identify a prehensive set of risks by focusing equally on technology, information, people, and processes. The method is driven by critical business processes, which provides focus and relevance to the analysis. Key aspects of the method include a businessdriven analysis, user participation the analysis, architecture and data flow diagrams as a means to identify relevant IT assets, risk scenarios to capture procedural and security details, and qualitadve esdmadon. The mixture of people and tools involved in the analysis is expected to result in a more prehensive set of idendfied risks and a significant increase in security awareness throughout the anizadon. Keywords: risk analysis, informadon security, risk management, business process, data flow diagram,risk scenario. 1. INTRODUCTION Managing information security is essentially managing a form of management of risk generally involves conducting a risk analysis to identify and evaluate risks, and then employing risk management techniques to mitigate or reduce risks where deemed appropriate. Likewise, the standard approach to managing information security involves conducting a risk analysis to identify risks to confidentiality, integrity, and availability of information systems, which is followed by risk management where safeguards are employed to mitigate those risksTraditional risk analysis methods applied to information systems focus foremost on technology with limited attention to people and processesHowever, an information system is prised of technology, people, processes, and data. Therefore, an effective security