The Internet and information systems have enabled businesses to reduce costs, attain greater market reach, and develop closer business partnerships along with improved customer relationships. However, using the Internet has led to new risks and concerns. This research provides a management perspective on the issues confronting CIOs and IT managers. It outlines the current state of the art of information security, the important issues confronting managers, security enforcement measure/techniques, and potential threats and attacks. It develops a model for classification of threats and control measures. It also develops a scheme for probabilistic evaluation of the impact of security threats with some illustrative examples. It involves validation of information assets and probabilities of success of attacks on those assets in organizations and evaluates the expected damages of these attacks. The research outlines some suggested control measures and presents some cost models for quantifying damages from these attacks and compares the tangible and intangible costs of these attacks. This research also develops a risk management system for information systems security incidents in five stages: 1- Resource and application value analysis, 2- Vulnerability and risk analysis, 3- Computation of losses due to threats and benefits of control measures, 4- Selection of control measures, and 5- Implementation of alternatives. The outcome of this research should help decision makers to select the appropriate control measure(s) to minimize damage or loss due to security incidents. Finally, some recommendations for future work are provided to improve the management of security in organizations.
Developing a Risk Management System for Information Systems Security Incidents