Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis

Mohd Zabawi, Ahmed Yaser (2019) Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis. Masters thesis, Universiti Teknikal Malaysia Melaka.


Abstract

Identifying potential information security risks is a challenging task because modernization and new technologies introduce possible threats to various types of digital systems. Many studies have proved that current risk analysis tools are not able to analyze these threats well. An organization must choose suitable methods for better analysis. Four key elements need to be considered: security threats, business impact, security measures and their cost. Many existing risk analysis tools, such as ISRAM and CORAS, share the same purpose, which is to reduce the risk of causing a threat, but they use different approaches to analyze the risk. The main focus of this study is to develop a new risk analysis tool based on a hybrid approach and compare it with the existing tool. The proposed tool, known as the Cost and Risk Assessment tool (CARA), aims to trace threats by combining qualitative and quantitative methods, each of which has its own advantages for analyzing the information. CARA uses the Monte Carlo method, applying probability theory to cost estimation. The results of the study show that qualitative information could increase the dimension of risk factors and produce better accuracy in the analysis.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Information technology, Security measures, Management information systems, Security measures, Data protection, Information Security
Subjects: Q Science > QA Mathematics
Q Science > QA Mathematics > QA76 Computer software
Divisions: Library > Tesis > FTMK
Depositing User: F Haslinda Harun
Date Deposited: 09 Nov 2020 09:26
Last Modified: 05 Oct 2021 11:52
URI: http://eprints.utem.edu.my/id/eprint/24697