%0 Conference Proceedings
%T Information Security Risk Management
%+ Università degli Studi di Trento = University of Trento (UNITN)
%A Dashti, Salimeh
%A Giorgini, Paolo
%A Paja, Elda
%Z Part 1: Regular Papers
%< peer-reviewed
%( Lecture Notes in Business Information Processing
%B 10th IFIP Working Conference on The Practice of Enterprise Modeling (PoEM)
%C Leuven, Belgium
%Y Geert Poels
%Y Frederik Gailly
%Y Estefania Serral Asensio
%Y Monique Snoeck
%I Springer International Publishing
%3 The Practice of Enterprise Modeling
%V LNBIP-305
%P 18-33
%8 2017-11-22
%D 2017
%R 10.1007/978-3-319-70241-4_2
%K Information security
%K Security risk analysis
%K Security requirements engineering
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciences
%Z Conference papers
%X Security breaches in the socio-technical systems that organizations depend on cost those organizations billions of dollars in losses each year. Although information security is a growing concern, most organizations deploy technical security measures to prevent attacks, overlooking social and organizational threats and the risks that arise from them. In this paper, we propose a method for information security risk analysis inspired by the ISO27k standard series and based on two state-of-the-art methods, namely the socio-technical security requirements method STS and the risk analysis method CORAS. The method captures social interactions among stakeholders, covering both the risks that threaten their assets and those that arise while interacting with others. It then suggests how assets are to be protected, based on the information classification and the potential losses incurred by security breaches. An example from the healthcare domain is used throughout the paper to illustrate the method.
%G English
%Z TC 8
%Z WG 8.1
%2 https://inria.hal.science/hal-01765266/document
%2 https://inria.hal.science/hal-01765266/file/459826_1_En_2_Chapter.pdf
%L hal-01765266
%U https://inria.hal.science/hal-01765266
%~ SHS
%~ IFIP
%~ IFIP-TC
%~ IFIP-LNBIP
%~ IFIP-WG
%~ IFIP-TC8
%~ IFIP-WG8-1
%~ IFIP-POEM
%~ IFIP-LNBIP-305