

Information Security Risk Management by a Holistic Approach: a Case Study for Vietnamese e-Government


Ha LE Viet, On PHUNG Van and Hoa NGUYEN Ngoc


Vol. 20, No. 6, pp. 72-82


Information security risk management is currently one of the essential tasks in ensuring information security. In particular, for e-Government information systems, assessing and managing the security risks that arise from the exploitation of software vulnerabilities, network equipment, etc., allows organizations in e-Government to minimize the loss of data and essential information. In this paper, we introduce a holistic approach to assessing information security risks, based on both qualitative and quantitative methods, for the Vietnamese e-Government. Our security risk management model is built according to both international standards (ISO 27005-2018, NIST SP800-30r1, SP800-39, SP800-53r4) and the Vietnamese standard (TCVN). For the quantitative risk method, we use both the CVSS and OWASP scoring standards to quantify information system risks. In addition, the information security risks of a system can also be determined through vulnerability scanners. We also implemented the proposed model in a Web application, called SoC.UET. The experiments we conducted with UET.SoC demonstrated its ability to manage information security risks holistically for a Ministry or a Province in the Vietnamese e-Government.


Information Security Risks, Security Risk Assessment, Security Risk Control, Security Risk Management.