A Network Service-Based Risk Assessment Model a Case Study on an Educational Organizations

Authors

  • ترجمة: د. إنصاف عباس

Keywords:

Risk Assessment, Vulnerability Management, Information Security, Business Continuity, Borda Count.

Abstract

This paper addresses risk assessment in organizations lacking

benchmarking and risk assessment references. We started with a strategic

conceptualization of information technology services that an organization

depends on, these services were seen as network services that are redistributed

into basic service elements; these service elements are expressed in terms of

hosts running these services and their interconnections. Eventually; we were

able to express strategic services’ vulnerabilities in terms of host vulnerabilities.

Closing this gap led us to construct a risk reference for the organizational

strategic services. Using relevant information about these vulnerabilities we

were able to introduce a risk probability model, a risk impact model and a risk

weighting approach using Borda Count. We followed a step-by-step approach

to build the risk with a holistic view. We implemented the suggested model on

Al-Quds Open University’s (QOU) IT infrastructure as a case study and we

were able to derive the strategic services’ risks and the overall organizational

IT risk.

Downloads

Published

2017-05-23

How to Cite

عباس ت. د. إ. (2017). A Network Service-Based Risk Assessment Model a Case Study on an Educational Organizations. Palestinian Journal for Open Learning & E-Learning, 5(9). Retrieved from https://journals.qou.edu/index.php/jropenres/article/view/408

Issue

Vol. 5 No. 9 (2015): المجلد الخامس- العدد التاسع - كانون ثاني 2015

Section

Translated Research Papers and Articles

License

  1. The editorial board confirms its commitment to the intellectual property rights
  2. Researchers also have to commit to the intellectual property rights.
  3. The research copyrights and publication are owned by the Journal once the researcher is notified about the approval of the paper. The scientific materials published or approved for publishing in the Journal should not be republished unless a written acknowledgment is obtained by the Deanship of Scientific Research.
  4. Research papers should not be published or republished unless a written acknowledgement is obtained from the Deanship of Scientific Research.
  5. The researcher has the right to accredit the research to himself, and to place his name on all the copies, editions and volumes published.
  6. The author has the right to request the accreditation of the published papers to himself.