DOI: https://dx.doi.org/10.26808/rs.ca.i8v2.08
International Journal of Computer Application (2250-1797), Issue 8 Volume 2, March-April 2018

Comparative Study of Information Security Risk Assessment Frameworks

Umesh Kumar Singh #1, Chanchala Joshi #2
#1 Institute of Computer Science, Vikram University, Ujjain, India
#2 Institute of Computer Science, Vikram University, Ujjain, India

ABSTRACT

With the increasing need to secure an organization's computing environment, a security risk management framework that accurately defines the security risk management process is essential. Numerous risk management frameworks have been developed for this purpose, and more are emerging every day. They take very different perspectives and address the problem differently, though all share the same basic goal: mitigating risk to information security. Information is a critical asset for every organization, so developing and implementing strategic plans for mitigating information security risk should be an essential part of every organization's operations. This paper compares and analyzes the activities, inputs and outputs required by each information security risk assessment model. The primary goal of the paper is to identify which information security risk assessment model assesses information security risk effectively. The comparative study helps in evaluating the models' applicability to an organization and its specific needs.

Key words: information security; vulnerability analysis; risk assessment model; risk management

Corresponding Author: Chanchala Joshi

I. INTRODUCTION

Vulnerability assessment is the examination of weaknesses that may be exploited by identified threats. The assessment may take into account the environment and existing safeguards. In organizations, the need for vulnerability detection and assessment has so far usually been underestimated: it is treated as a formality and used by very few people. Regular and efficient vulnerability assessment substantially reduces the risk of being attacked and yields more secure systems.

An information security risk management framework is a series of defined processes used to establish strategies and procedures for implementing and continuously managing information security controls in an enterprise system context. These frameworks are a "blueprint" for developing an information security program that manages risk and addresses vulnerabilities. An information security process can use these frameworks to define and prioritize the tasks required to build security into an organization.