Return to search

Developing a Risk Management System for Information Systems Security Incidents

The Internet and information systems have enabled businesses to reduce costs, attain
greater market reach, and develop closer business partnerships along with improved
customer relationships. However, using the Internet has led to new risks and concerns.
This research provides a management perspective on the issues confronting CIOs and IT
managers. It outlines the current state of the art of information security, the important
issues confronting managers, security enforcement measure/techniques, and potential
threats and attacks. It develops a model for classification of threats and control measures.
It also develops a scheme for probabilistic evaluation of the impact of security threats
with some illustrative examples. It involves validation of information assets and
probabilities of success of attacks on those assets in organizations and evaluates the
expected damages of these attacks. The research outlines some suggested control
measures and presents some cost models for quantifying damages from these attacks and
compares the tangible and intangible costs of these attacks. This research also develops a
risk management system for information systems security incidents in five stages: 1-
Resource and application value analysis, 2- Vulnerability and risk analysis, 3-
Computation of losses due to threats and benefits of control measures, 4- Selection of
control measures, and 5- Implementation of alternatives. The outcome of this research
should help decision makers to select the appropriate control measure(s) to minimize
damage or loss due to security incidents. Finally, some recommendations for future work
are provided to improve the management of security in organizations.

Identiferoai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/7600
Date22 November 2004
CreatorsFarahmand, Fariborz
PublisherGeorgia Institute of Technology
Source SetsGeorgia Tech Electronic Thesis and Dissertation Archive
Languageen_US
Detected LanguageEnglish
TypeDissertation
Format717108 bytes, application/pdf

Page generated in 0.002 seconds