This paper addresses risk assessment in organizations lackingbenchmarking and risk assessment references. We started with a strategicconceptualization of information technology services that an organizationdepends on, these services were seen as network services that are redistributedinto basic service elements; these service elements are expressed in terms ofhosts running these services and their interconnections. Eventually; we wereable to express strategic services’ vulnerabilities in terms of host vulnerabilities.Closing this gap led us to construct a risk reference for the organizationalstrategic services. Using relevant information about these vulnerabilities wewere able to introduce a risk probability model, a risk impact model and a riskweighting approach using Borda Count. We followed a step-by-step approachto build the risk with a holistic view. We implemented the suggested model onAl-Quds Open University’s (QOU) IT infrastructure as a case study and wewere able to derive the strategic services’ risks and the overall organizationalIT risk.
"A Network Service-Based Risk Assessment Model a Case Study on an Educational Organizations,"
Palestinian Journal for Open Learning & e-Learning: Vol. 5
, Article 7.
Available at: https://digitalcommons.aaru.edu.jo/jropenres/vol5/iss9/7