Developing a Risk Management System for Information Systems Security Incidents
The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measures and techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations and evaluates the expected damages of these attacks. The research outlines some suggested control measures, presents some cost models for quantifying damages from these attacks, and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: (1) resource and application value analysis, (2) vulnerability and risk analysis, (3) computation of losses due to threats and benefits of control measures, (4) selection of control measures, and (5) implementation of alternatives. The outcome of this research should help decision makers to select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.