The Internet is now fundamental to the global economy. Growing from an experimental and research network in the late 1960's, it is now the foundation of a wide range of economic, infrastructure support, communication and information sharing activities. In doing so it has also provided a vehicle for cybercrime. Organised cybercrime and state-sponsored malicious cyber activity are predicted to become the predominant cyber threats over the next five to ten years.
Corporate governance is playing an increasingly important role in ensuring compliance with the growing body of legislation and regulation, protecting the interests of stakeholders. At the same time there is a divergence in organisational awareness, understanding, strategy and application between business objectives, risk management and good security practices. Organisations are finding increasing difficulty in managing the scope and extent of the cyber-threat environment, exacerbated by confusion over risk tools, approaches and requirements.
This study provides a pragmatic and practical framework for organisational risk assessment, already proved over several years of use. This is supported by three national surveys which provide important data for sound risk identification and assessments. This survey data is organised through a Data Schema which is simple, rational and flexible enough to accommodate new technologies and types of cyber-attacks, as well as allowing for the decommissioning of technologies and the abandonment of attack methods.
For many organisations this risk framework will be sufficient to meet their corporate governance and risk management requirements. For organisations wishing to refine their approach, a Bayesian model has also been developed, building on previous work, incorporating data from the surveys and, through the Data Schema, allowing the incorporation of probabilities and other evidence to enhance the risk assessment framework. Again this model is flexible, accommodating changes, growth and new technologies.
Identifer | oai:union.ndltd.org:ADTP/256960 |
Date | January 2009 |
Creators | Roberts, C. M, n/a |
Publisher | University of Otago. Department of Information Science |
Source Sets | Australiasian Digital Theses Program |
Language | English |
Detected Language | English |
Rights | http://policy01.otago.ac.nz/policies/FMPro?-db=policies.fm&-format=viewpolicy.html&-lay=viewpolicy&-sortfield=Title&Type=Academic&-recid=33025&-find), Copyright C. M Roberts |
Page generated in 0.0016 seconds