An information security risk assessment model for public and university administrators /

Casas, Victoriano.

January 2006

Thesis (M. P. A.)--Texas State University-San Marcos, 2006. / "Spring 2006." Includes bibliographical references (leaves 72-74).

Engineering approach to risk management in information technology systems

Seker, Harun

10 September 2012

M.Phil. / The use of information systems has increased dramatically after the emergence of internet. Individuals, companies and organizations are becoming increasingly dependent on IT systems. Before technology and computers became such an important part of society, it was difficult to manage and control large organizations. Today computers enable the effective and efficient management of large organizations, therefore allowing them to spread throughout the country and world. Businesses are following latest advances in this era to remain competitive in the changing global market place. They use computers, automated IT systems and networks to gather, store, retrieve, process, and analyze information as well as to trade and communicate. The rapid advances in computer technology are largely a result of the research, development and design efforts of computer engineers. There is a direct correlation between a nation's wealth and scientific and technological capacity. The most effective way of taking our country forward is to enthuse our youth for science and technology. As the world makes rapid, sometimes breathtaking strides in the diverse fields of science and technology, South Africa more than ever needs qualified individuals who will use their skills and entrepreneurial spirit to enable our country to complete internationally with the best. However, Information systems and networks and their worldwide increasing usage have been accompanied by new and increasing risks. Data and information stored on and transmitted over information technology systems and networks are subject to threats from various means of unauthorized access, such as misuse, misappropriation, alteration, malicious code transmissions, denial of service or destruction and require appropriate safeguards. This research report will aim to emphasize the importance of risk management and its three activities; risk assessment, risk mitigation and evaluation and assessment. It will focus on activities that deal with the solution of problems through logical thinking, information system management This report will also deal with a case study that gives us real life examples of risk management experiences of one local computer hardware and software supplier companies. Information has become valuable assets that need to be protected after moving to a digital era and E-commerce. Protecting information can also be as critical as protecting other resources like money and physical assets.

Risk management

Information technology - Risk assessment

Engineering - Risk assessment

The quantification of information security risk using fuzzy logic and Monte Carlo simulation.

Vorster, Anita

04 June 2008

The quantification of information security risks is currently highly subjective. Values for information such as impact and probability, which are estimated during risk analysis, are mostly estimated by people or experts internal or external to the organization. Because the estimation of these values is done by people, all with different backgrounds and personalities, the values are exposed to subjectivity. The chance of any two people estimating the same value for risk analysis information is rare. There will always be a degree of uncertainty and imprecision in the values estimated. It is therefore during the data-gathering phase of risk analysis that the problem of subjectivity lies. To address the problem of subjectivity, techniques that mathematically deal with and present uncertainty and imprecision are used to estimate values for probability and impact. During this research a model for the objective estimation of probability was developed. The model uses mostly input values that are entirely objective, but also a small number of subjective input values. It is in these subjective input values that fuzzy logic and Monte Carlo simulation come into play. Fuzzy logic takes a qualitative subjective value and gives it an objective value, and Monte Carlo simulation complements fuzzy logic by giving a cumulative distribution function to the uncertain, imprecise input variable. In this way subjectivity is dealt with and the result of the model is a probability value that is estimated objectively. The same model that was used for the objective estimation of probability was used to estimate impact objectively. The end result of the research is the combination of the models to use the objective impact and probability values in a formula that calculates risk. The risk factors are then calculated objectively. A prototype was developed as proof that the process of objective information security risk quantification can be implemented in practice. / Prof. L. Labuschagne

Risk assessment

Monte Carlo method

Fuzzy logic

Computer security

Information technology risk assessment

The relationship between entity related corporate governance factors and the establishment of separate risk management committee in South Africa

Sekome, Nkoko Blessy

10 June 2014

M.Com. (Computer Auditing) / This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.

Auditing - Data processing

Financial risk management - South Africa

Information technology - Risk assessment

Corporate governance - South Africa