1. Evaluation of Current Drivers, Challenges and State of Art in Risk Treatment and Asset Management Planning for a Sewer District
Nirmalkumar, Deepika (20 September 2011)
No description available.
2. Relation between cyber insurance and security investments/controls
Uuganbayar, Ganbayar (26 April 2021)
Nowadays, organisations consider cyber security risk one of their critical risks. Due to the increase in cyber-related attacks and more advanced technologies, organisations are forced to implement proper cyber risk management and find the optimal distribution of security expenditure for treating those risks. About twenty years ago, cyber insurance was introduced as one of the risk treatment methods backing up security controls. The concept further benefits both organisations and the market, where insurers globally expect $20 billion in 2025 [1]. On the other hand, cyber insurance has been dealing with several hurdles on the way to maturing. One of the problematic challenges is the relation between cyber insurance and security investments (or controls). Several papers have analysed this issue theoretically; some highlighted that cyber insurance could be an incentive for security investments, while others claim it may lead to a fall in investments for self-protection. Since everything lies in a densely interconnected and risk-prone cyber environment, various factors affect the relation, and their effects should be thoroughly investigated. The overall goal of the thesis is to analyse the problems lying in the risk treatment phase and propose an applicable solution to deal with them. In particular, we would like to take into account the following factors to address the relation between cyber insurance and security investments. We first analyse different market models to study possible ways to keep both cyber insurance and security investments in both competitive and non-competitive insurance markets. Some studies showed that security investments fall in the non-competitive insurance market. In this regard, we would like to investigate the possibility of raising security investments by optimising the loading factor, an additional fee on the premium.
In practice, organisations do not face a single threat but multiple threats during a certain period. To the best of our knowledge, there is no study considering multiple threats in the cyber insurance field to analyse how security investments can be varied. Thus, we investigate the multiple-threats case in a competitive cyber insurance market and find how security expenditure can be efficiently distributed between the insurance premium and security investments/controls. The analysis allows us to map security controls and cyber insurance cost-effectively. We provide both theoretical and algorithmic solutions to deal with the problem and validate the solutions in both artificial and practical cases. For a practical scenario, we develop a questionnaire-based risk assessment tool to feed our risk treatment solution with the necessary empirical data. In both insurance markets, the degree of security interdependence is a unique peculiarity that affects the behaviour of organisations in investing in their self-protection and having cyber insurance. We theoretically analyse the effect of security interdependence in both market models and show whether its effect is positive or negative.
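3. Riskhantering för en ledningsschakt : En tillämpning av SGFs riskhanteringsmetodik i utförandeskedet / Risk management for a pipe trench excavation: An application of SGF's risk management methodology in the execution phase
Burlin, Annika (January 2022)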
In most civil engineering projects, the risk of slope failure has to be considered for all excavations performed until the project is completed. The risk is founded in the uncertainties of the geotechnical properties of the soil in which the excavations are performed. With the risk of slope failure follow risks to the project budget, delays against the time plan and injuries to those involved in the excavation. To prevent the aforementioned risks, the Swedish Geotechnical Society, SGF, has written a report that presents a structured way to perform risk management within geotechnical projects.
By performing an excavation that simulates one that would be excavated for installing pipes in clay, measurements were performed on wooden sticks fitted with reflective tape. The wooden sticks were placed at the head and the toe of the excavated slope, with the intention of capturing the movement of a beginning slope failure. This was performed by using the observational method for risk treatment in the risk management process for the excavation. The results of the measurements at the slope toe indicate the beginning of a slope failure. However, due to the large spread of measured results at the excavation head, those results could not be used as information for risk treatment.
4. Diseño de un Sistema de Gestión de Seguridad de la Información basado en la norma ISO/IEC 27001:2013 para la Municipalidad Distrital de El Agustino / Design of an Information Security Management System based on the ISO/IEC 27001:2013 standard for the District Municipality of El Agustino
Monteza Mera, Lisbet Odelly (26 February 2019)
This project describes the design of an Information Security Management System based on the ISO/IEC 27001:2013 standard to protect the information assets associated with the tax collection and audit process of the District Municipality of El Agustino. As the ISO 27001 standard suggests, the Deming (PDCA) cycle was followed, and the work consists of the following stages: in the first, an initial diagnosis of the entity was made with respect to the ISO/IEC 27001:2013 standard; in the second, the context of the organization was established, defining the processes, the scope, the security policy and the information security committee; in the third, the risk analysis and management methodology was followed under the ISO/IEC 31000 standard, where information assets were identified, classified and valued, threats and vulnerabilities were identified, and impact and risk were calculated, after which the risk treatment plan was drawn up, identifying the controls of ISO/IEC 27002:2013; in the fourth stage the Statement of Applicability was prepared, and finally the ISMS Manual was written. Within this framework, the work allowed us to conclude on the importance of protecting information assets, guaranteeing their confidentiality, integrity and availability. / Thesis
5. Diseño de un Sistema de Gestión de Seguridad de Información para la empresa Neointel SAC basado en la norma ISO/IEC 27001:2013 / Design of an Information Security Management System for Neointel SAC based on ISO/IEC 27001:2013
Vásquez Ojeda, Agustín Wilmer (16 April 2020)
This thesis aims to design an Information Security Management System (ISMS) to improve the quality of service of the Call Center of the company Neointel SAC.
This model details the most effective way for the Call Center to treat its information security risks, based on Annex A of ISO/IEC 27001:2013, so as to reduce and mitigate the risks to information assets. Likewise, the technological vulnerabilities to which the Call Center is exposed can be reduced.
In addition, the design of this work allows us to classify the main information assets, to determine the main information risks to which they are exposed, and to establish how information security risks will be treated in line with the business objectives.
Finally, the roles and responsibilities within the organizational structure of an Information Security Management System (ISMS) are defined and a risk treatment plan for the information assets is proposed, which has allowed the company to establish its own security procedures, which can be seen in the policies that comprise it. / Thesis
6. Řízení bezpečnosti inteligentní domácnosti / Smart Home Security Management
Valičková, Monika (January 2018)
This diploma thesis focuses on increasing the security of a Smart Home Control System in terms of information, network and physical security. It is based on a risk analysis of the current state of applied security management and the needs of the house owner. Both security countermeasures and cost analysis are thoroughly discussed, and the thesis also contains a methodology that describes the management of smart home security and the improvement of end-user security awareness.
7. Řízení rizik ve stavebním podniku / Risk Management inside Construction Company
Štrbavý, Lukáš (January 2022)
The aim of the diploma thesis is to describe risk management in a construction company. The first part of the thesis is theoretical and explains the basic concepts of risk and risk management in a construction company. The second, practical part addresses the risks of a specific project.
8. Řízení rizik ve stavebním podniku / Risk Management inside Construction Company
Titzová, Eva (unknown date)
The thesis aims to describe risk management in a construction company. The work is divided into a theoretical and a practical part. The theoretical part presents the classification of risks and describes the various stages of this complex process, including methods and techniques. The practical part is worked through on a particular project; it summarises and completes the whole issue of risk.
9. Řízení rizik ve stavebním podniku / Risk Management inside Construction Company
Resl, Jan (January 2014)
The aim of the thesis is to analyse issues of risk management in a construction company, especially in the context of construction contracts implementation. The first part is devoted to applied terminology and interpretation of relevant terms, followed by a classification of risks from different perspectives, including the risks’ possible further sub classification. Furthermore, significant risk resources and construction participants who might be affected by the risks are presented. The third chapter deals with risk management; individual phases of this complex process are described herein, including their correct sequences, as well as a selection of methods and techniques that are standardly used in risk management. The last, fourth chapter summarises the problems of risk management on a practical example, where a construction company implements a construction contract by applying selected risk management methodologies.