Mohd Zabawi, Ahmed Yaser (2019) Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis. Masters thesis, Universiti Teknikal Malaysia Melaka.
![[img]](http://eprints.utem.edu.my/style/images/fileicons/text.png) |
Text (24 pages)
Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis.pdf - Submitted Version Download (757kB) |
|
Text (Full Text)
Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis.pdf - Submitted Version Restricted to Registered users only Download (11MB) |
Abstract
Identifying potential information security risk is a challenging task which is due to modernization and new technologies which introduce possible threats to various type of digital system. Many studies proved that the current risk analysis tools are not able to analyze the threats well. It is a must for an organization to choose the suitable methods for better analysis. There are four key elements that need to be considered which are security threats, business impact, security measures and their cost. There are many existing risk analysis tools that were developed such as ISRAM and CORAS that have same purpose, which is to reduce the risk of causing a threat, however these tools used different approach to analyses the risk. The main focus of this study is to develop a new risk analysis tool based on hybrid approach and compare it with the existing tool. The proposed risk analysis tool is known as Cost and Risk Assessment tool (CARA) aims to trace the threats by combining both qualitative and quantitative methods, where both of these methods have their respective advantages for analyzing the information. CARA used Monte Carlo method where it applied probability theory in cost estimation. The results from the study show that the qualitative information could increase the dimension of risk factors and produce better accuracy in the analysis.
| Item Type: | Thesis (Masters) |
|---|---|
| Uncontrolled Keywords: | Information technology, Security measures, Management information systems, Security measures, Data protection, Information Security |
| Subjects: | Q Science > QA Mathematics Q Science > QA Mathematics > QA76 Computer software |
| Divisions: | Library > Tesis > FTMK |
| Depositing User: | F Haslinda Harun |
| Date Deposited: | 09 Nov 2020 09:26 |
| Last Modified: | 05 Oct 2021 11:52 |
| URI: | http://eprints.utem.edu.my/id/eprint/24697 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |