Dissertations / Theses on the topic 'Information system (IS) risk'
Consult the top 50 dissertations / theses for your research on the topic 'Information system (IS) risk.'
Goto, Masato, Akira Hattori, Takami Yasuda, and Shigeki Yokoi. "Local Risk Management Information Sharing System." INTELLIGENT MEDIA INTEGRATION NAGOYA UNIVERSITY / COE, 2006. http://hdl.handle.net/2237/10438.
Farahmand, Fariborz. "Developing a Risk Management System for Information Systems Security Incidents." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/7600.
Mpanza, Brian Vusumuzi. "Evaluation of Transwerk Risk Management Information System." Thesis, Stellenbosch : Stellenbosch University, 2005. http://hdl.handle.net/10019.1/50346.
ENGLISH ABSTRACT: In the last decade, the use of computers has proliferated the industrial arena in South Africa. Due to frequent changes in computer programs and developments in the computing field, users have often been adversely affected. Users experience problems with computer programs that are not user friendly. Usability is about satisfying the user needs by allowing the user to accomplish their goals quickly, efficiently and easily. Thus it is crucial that industries invest in computer programs that offer optimum usability. In this research an attempt is made to provide a framework for methodology that can be used to test and evaluate usability in the Transwerk Risk Management Information System, that is Computer Assisted Risk Management Systems (CARMS). I first consider the difference between unusable and usable programs. Usability properties are then identified including properties enhancing effectiveness, efficiency, flexibility, learnability and attitude of the computer program. The CARMS components or modules and users were identified. Usability problems were identified that cause the users to be selective and discouraged to use other components of CARMS. To further verify and address the usability problems identified, the whole program needs to be tested and evaluated. The methodology was laid for how to do usability testing and evaluation in computer programs that are currently in use like CARMS. Benefits and limitations of testing and evaluating usability were detailed in this research. It is recommended that testing and evaluating usability should be done to prevent errors, dissatisfaction and to improve usability of the CARMS program.
AFRIKAANS SUMMARY: In the last decade, the use of computers has expanded in the industrial arena in South Africa. Owing to frequent changes in computer programs and developments in the field of informatics, users have often been adversely affected. Users experience problems with computer programs that are not user-friendly. Usability is about satisfying user needs by enabling users to achieve their goals quickly, efficiently and easily. It is therefore of critical importance that industries invest in computer programs that offer optimal usability. This research attempts to provide a framework for a methodology that can be used to test and evaluate the usability of the "Transwerk Risk Management Information System" (that is, "Computer Assisted Risk Management Systems" or CARMS). I first discuss the difference between unusable and usable programs. Usability properties are then identified, including properties that improve the effectiveness, efficiency, flexibility, learnability and attitude of the computer program. The CARMS components or modules and users were identified. Usability problems were identified that cause users to become selective and discouraged from using other components of CARMS. To further verify and address the identified usability problems, the whole program must be tested and evaluated. The methodology was laid down according to which usability testing and evaluation of computer programs currently in use (such as CARMS) can be done. Benefits and limitations of usability testing and evaluation are contained in this research. It is recommended that usability testing and evaluation be done to prevent errors and dissatisfaction and to improve the usability of the CARMS program.
Svinčiaková, Ľudmila. "Posouzení informačního systému podniku služeb a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2012. http://www.nusl.cz/ntk/nusl-232610.
Oren, Gadi. "A probabilistic approach to risk management in mission-critical information technology infrastructure." Thesis, Massachusetts Institute of Technology, 2008. http://hdl.handle.net/1721.1/43115.
Includes bibliographical references (p. 111-112) and index.
In the nuclear, aerospace and chemical industries, the need for risk management is straightforward. When a system failure mode may cause a very high cost in lives or economic value, risk management becomes a necessity. In its short history, Information Technology (IT) came to be a crucial part and sometimes the platform of business activities for many large companies such as telecommunication or financial services organizations. However, due to scale and complexity, risk management methods used by other industries are not widely applied in IT. In this thesis, we investigate how probabilistic risk assessment methods used in other industries can be applied to IT network environments. A comparison is done using a number of possible approaches, improvements to these approaches are suggested, and different tradeoffs are discussed. The thesis examines ways to apply probabilistic risk assessment to a Service Oriented Architecture environment (where each service is an application or a business process that depends on other services, local and networked resources) to estimate the service reliability, availability, expected costs over time and the importance measures of elements and configurations. Finally, a method of performing cost benefit analysis is presented to estimate the implication of changing the services-supporting infrastructure, while taking into consideration the varying impact of different services to the business. A case study is used to demonstrate the methods suggested in the thesis. The case study compares four different configurations, showing how equipment failure and human error can be placed into a single framework and addressed as a single system. The implications and application of the results are discussed and recommendations for further research are provided.
by Gadi Oren.
S.M.
Radtke, Stephen W. "An analysis of the XYZ/ABC Company's risk control management information system." Online version, 1999. http://www.uwstout.edu/lib/thesis/1999/1999radtkes.pdf.
Lurain, Sher. "Networking security : risk assessment of information systems /." Online version of thesis, 1990. http://hdl.handle.net/1850/10587.
Conforti, Raffaele. "Managing risk in process-aware information systems." Thesis, Queensland University of Technology, 2014. https://eprints.qut.edu.au/77828/1/Raffaele_Conforti_Thesis.pdf.
Alem, Mohammad. "Event-based risk management of large scale information technology projects." Thesis, De Montfort University, 2013. http://hdl.handle.net/2086/11392.
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Salvati, Domenico. "Management of information system risks." Berlin dissertation.de, 2008. http://d-nb.info/995975035/04.
Joubert, Janine. "Embedding risk management within new product and service development of an innovation and risk management framework and supporting risk processes, for effective risk mitigation : an action research study within the Information and Communication Technology (ICT) Sector." Doctoral thesis, University of Cape Town, 2016. http://hdl.handle.net/11427/20367.
Baker, Wade Henderson. "Toward a Decision Support System for Measuring and Managing Cybersecurity Risk in Supply Chains." Diss., Virginia Tech, 2017. http://hdl.handle.net/10919/85128.
Ph. D.
Rose, Brett Tyler. "Tennessee Rockfall Management System." Diss., Virginia Tech, 2005. http://hdl.handle.net/10919/29263.
Ph. D.
Abdulrazzaq, Mohammed, and Yuan Wei. "Industrial Control System (ICS) Network Asset Identification and Risk Management." Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-38198.
Ikram, N. "The management of risk in information systems development." Thesis, University of Salford, 2000. http://usir.salford.ac.uk/26725/.
Wong, Michael Men How. "Risk assessment and risk allocation in IS/IT private finance initiative projects." Thesis, University of Bath, 1999. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.301527.
Veljkovic, Ivan. "BYOD: Risk considerations in a South African organisation." Master's thesis, University of Cape Town, 2018. http://hdl.handle.net/11427/29850.
Crosara, Alessandro. "Calculating the Risk of Power Shortage in the Nordic Power System." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-235201.
Due to environmental and market conditions, the decommissioning of large power plants in the Nordic power system is planned for the coming years. Replacing them requires an increased number of wind power plants, as well as large investments in the electricity transmission system. This transition may pose reliability challenges for the Nordic power system. This thesis aims to calculate the risk of power shortage in the different price areas that make up the Nordic power system, for three scenarios: a reference scenario corresponding to the situation in 2015, scenario 2020 and scenario 2025. Different case studies are carried out, focusing on the Nordic power system and some of its subsystems. The reliability analysis in this thesis is based on probabilistic methods and is carried out using Monte Carlo simulations. Both simple Monte Carlo and an advanced variance reduction technique, the so-called Cross-Entropy based sampling method (CEIS), are applied and compared with each other. An alternative sampling method based on stratified sampling is also presented. The starting point for this thesis is Viktor Terrier's 2017 degree project, titled "Nordeuropeiska elsystemets tillförlitlighet" [1]. The improved model presented in this report includes, among other things, an improved sampling method for load and wind power that also takes into account the correlation between these parameters. Thanks to the collaboration with the energy markets department at Sweco Energuide AB, the accuracy of the data used, and of the assumptions on which they are based, has also been improved. From a modelling perspective, it is concluded that CEIS delivers better results than Monte Carlo when small and medium-sized systems are simulated, but cannot be used to simulate large and highly reliable systems such as the Nordic power system. For such case studies, however, the alternative sampling method presented can be applied.
From the perspective of the numerical results, it is concluded that the reliability of the Nordic power system is expected to increase by 2020 and 2025. Despite partly intermittent production, the installed generation capacity will be higher, and thanks to large planned investments in the transmission system, the electric power produced can be transported to the areas where it is needed, regardless of where it is generated. This degree project was carried out at the Department of Electric Power Engineering at KTH Royal Institute of Technology, in collaboration with the energy markets department at Sweco Energuide AB, within the framework of the North European Energy Perspectives Project (NEPP).
Papšys, Kęstutis. "Methodology of development of cartographic information system for evaluation of risk of extreme events." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2013~D_20130220_160846-94374.
The dissertation describes a methodology for developing a cartographic information system for the evaluation of extreme events. Complex risk assessment systems existing in the world are analysed, and their shortcomings and advantages are highlighted. On the basis of this analysis, an original complex risk assessment methodology based on multiple data sources is created, and an information system designed by the author that makes it possible to assess the hazards and risk of extreme events is described. The methodology covers the procedure for developing and deploying the components of the cartographic information system. The data types needed for the system to operate, their collection, and the principles for building up the extreme events database are described, and a model is created for calculating extreme event hazards and combining several hazards into one synthetic hazard. The relationship between risk and hazard and the risk assessment methodology are described. The dissertation also presents the design of the whole system, operating within the Lithuanian geographic information infrastructure and integrated into the Lithuanian spatial information portal. The system was tested with spatial data sets that are available and actually exist in Lithuania. The results obtained during the experiment are presented, showing the areas of increased geological and meteorological risk in Lithuania. At the end of the work, methodological and practical conclusions are given on the application, reliability and standards compliance of the methods and the system.
Katsargyri, Georgia-Evangela. "Individual and systemic risk trade-offs induced by information barriers in the financial system." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/108995.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 87-91).
Investment diversification is a risk management technique that makes it possible to create balanced portfolios that achieve a certain rate of return on one's investment, within a certain risk allowance. Despite the advantages it offers to investors, diversification has been strongly debated in the aftermath of the global financial crisis of 2007-2009, because it is believed to have potential adverse effects on systemic risk. In this thesis, we specifically investigate the adverse effects that limited information availability of investors, and the diversification choices they make due to that information, may have on the systemic risk of the financial system as a whole. Information availability here is seen as the level of awareness for each agent of the available options he can employ in order to diversify his portfolio in the given market, examined in terms of two so-called "information barriers": a) assets accessibility, representing private and public information offered to each investor about the available assets in the market, b) agents diversifiability, representing the agent's experience in processing this information in order to make better diversification decisions. Building on an existing stylized financial system model, we enrich it by partitioning the assets and the investors according to their accessibility and diversifiability respectively. Our contribution is threefold; we demonstrate a tradeoff between individual diversification activity and systemic risk induced by the two information barriers, we provide analytical characterization and numerical representation of the conditions under which diversification activity under limited information may amplify systemic risk and finally we observe and highlight a discrepancy that is created between actual and perceived risk for increasing level of information availability in the system.
by Georgia-Evangelia Katsargyri.
Ph. D.
Hansson, Sanna. "Ett smidigt hjälpmedel eller en internetberoende risk? : Molnlagring ur privatpersoners perspektiv." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17358.
Straka, Václav. "Posouzení efektivnosti informačního systému ve firmě zabývající se lokalizací a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2021. http://www.nusl.cz/ntk/nusl-446773.
Zeman, Jan. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2013. http://www.nusl.cz/ntk/nusl-232757.
Pantelopoulos, Alexandros A. "PROGNOSIS: A WEARABLE SYSTEM FOR HEALTH MONITORING OF PEOPLE AT RISK." Wright State University / OhioLINK, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=wright1284754643.
Němec, Milan. "Návrh informačního systému." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-399950.
Srivastava, Siddhartha. "D-GRIP : DNA genetic risk information profile : A genotype analysis system to predict a genetic risk profile for an individual." Thesis, University of British Columbia, 2007. http://hdl.handle.net/2429/32186.
Science, Faculty of
Graduate
Anderson, Alison Mary. "The object-oriented modelling of information systems security risk." Thesis, Queensland University of Technology, 1997.
Al-Hassany, Ibrahim. "Applying the ENISA IT Risk Assessment for Cloud Computing on Small & Medium Enterprises. A Case Study of Policy/Organizational, Technical and Legal Risks." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-48922.
Sundahl, Mark Jack. "Automating the basic configuration of IPMI interfaces : To reduce the risk of misconfiguration." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-18754.
Al-Shehab, Abdullah. "Causal and cognitive mapping methods for the identification of risk in information system development projects." Thesis, University of Brighton, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.443557.
Černohorský, Michal. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2014. http://www.nusl.cz/ntk/nusl-233061.
Blinn, Christopher Michael. "Creation of a Spatial Decision Support System as a Risk Assessment Tool Based on Kentucky Tornado Climatology." TopSCHOLAR®, 2012. http://digitalcommons.wku.edu/theses/1153.
Parinyavuttichai, Nipon. "Risk management in information systems development in a Thai context." Thesis, University of Sheffield, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.574532.
Newman, William Arthur. "Risk/threat based analysis auditing in advanced management information systems." Thesis, University of Canterbury. Accounting and Information Systems, 1986. http://hdl.handle.net/10092/3761.
Branagan, Mark Allan. "A risk simulation framework for information infrastructure protection." Thesis, Queensland University of Technology, 2012. https://eprints.qut.edu.au/51006/1/Mark_Branagan_Thesis.pdf.
Štrba, Matej. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444569.
Mitevová, Vanesa. "Výběr informačního systému pro účetní firmu." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2020. http://www.nusl.cz/ntk/nusl-433349.
Saeed, Muhammad, and Mehmood Ziauddin. "A Structured Approach for Evaluating Risk Impacts in IT Projects." Thesis, Mälardalen University, School of Sustainable Development of Society and Technology, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-782.
Date: 12-June-2008
Authors: Muhammad Saeed – 760721
Västerås – Sweden
Mehmood Ziauddin – 830730
Västerås – Sweden
Title: A Structured Approach for Evaluating Risk Impacts in IT Projects
Introduction: Risk is an integral part of any project and it’s more appropriate to say for IT because it is changing with a very fast pace. Different surveys, reports and researches show astonishing statistics about the risks in IT projects. Through proper risk assessment techniques most of the uncertainties can be reduced while initiating, implementing and improving IT projects. Different authors talk about different risks and different strategies to respond to them. It becomes difficult at times to keep in check all the risks. Often risk management is over hyped, and often it’s totally neglected. There needs to be a balanced approach in risk management.
Problem: How a structured approach will be beneficial for an organization in assessing risk impacts on IT Projects?
Purpose: The aim of this report is to develop and analyze a structured approach which will permit an organization in identifying & categorizing risks and measuring their impact on IT Projects.
Method: Exploratory research approach is used and data collection is done using secondary sources. Our thesis is qualitative research based. Qualitative research is the one which is not relying on statistical data as compared to quantitative research.
Besides our text books and study material, the main source of information was internet databases and university library from where we read different articles, thesis and books. Majority of the material studied was collected from Mälardalen University Library’s online databases like, Elin@Mälardalen, Compendex, Emerald and Ebrary. We also consulted some books which we got by inter-library loan from Mälardalen University.
Conclusion: With the help of Remenyi’s approach for categorizing risks and Applegate’s approach of measuring risk impact, we have managed to develop a structured approach and reached a conclusion that proper identification and categorizing of risks can be very beneficial for an organization in numerous ways. This systematic way assists top management, project managers, IT & non IT Personnel in taking preemptive measures for managing risks. The benefit it brings is that it gives an equal understanding within the organization and this structured approach gives an in-depth and clear understanding of the risks associated with IT projects.
Vavrová, Jaroslava. "Návrh informačního systému." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318345.
Couraud, Jason R. "Risk Perception in Online Communities." DigitalCommons@USU, 2014. https://digitalcommons.usu.edu/etd/3898.
Thöni, Andreas, Alfred Taudes, and A. Min Tjoa. "An information system for assessing the likelihood of child labor in supplier locations leveraging Bayesian networks and text mining." Springer Nature, 2018. http://dx.doi.org/10.1007/s10257-018-0368-0.
Njenga, Kennedy Nduati. "Conceptualising improvisation in information security risk management activities : a South Africa case study." Doctoral thesis, University of Cape Town, 2009. http://hdl.handle.net/11427/5664.
Includes bibliographical references (leaves 286-299).
The aim of this research was to understand how functionalist approaches and the incremental approaches are manifested in ISRM activities. New insights and meaning to the ISRM activities were presented when the incrementalist approaches to ISRM and the functionalist approaches to ISRM were examined holistically. Improvisation, for the purpose of this research, was used to explain this holistic understanding.
Sun, Jean-huan, and 孫震寰. "Information Security Risk Assessment of Bancassurance Information System." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/53053857178291666972.
Ming Chuan University
Department of Risk Management and Insurance, In-service Master's Program
97
Information technology plays a key role in today's organizations and enterprises in bringing better operational efficiency. As the internet is making access to information easier, it is also exposing enterprises to higher risks. The report from III indicates that information security is crucial to the operation of financial institutions. Bancassurance in Taiwan has become a significant selling channel for insurance products in the last decade. Admirably, the banks and their subsidiaries, like China Trust Insurance Brokers Co., have overwhelmed all the insurance companies in premium commission income since 2004. Bancassurance and its information security are therefore becoming worthwhile topics for related research. This article brings an extensive evaluation of 46 bancassurance agencies. The survey introduced the process developed by Taiwan’s Ministry of Economic Affairs for assessing the security level of information systems in SMEs. This article intends to discover the major elements that a comprehensive security strategy should take care of in its development process. The interactions of these elements are also explored. Both quantitative (with frequency and damage estimation) and descriptive (for risk perception) methodologies are used in the survey. A summary is developed of how to strategize the information security policy with the evaluation results. The survey indicates that network security brings the most problems to overall information security, while government regulation brings the least. The survey also finds that the higher the damage a problem causes, the greater the administrator's awareness of it. The survey shows that MIS managers and staff have insufficient knowledge of information security. They very often under-estimate the probability and damage of network security problems, and over-estimate the influences from other elements.
For the information security strategy of Taiwan’s bancassurance enterprises, this article suggests a ‘prevention’ policy to deal with problems in computer security, business application systems and network security, a ‘prevention’ and ‘transferring’ policy for problems of staff security and outsource management, and an ‘acceptance’ policy for the requirements of regulations. It is highly recommended to reinforce the knowledge level of MIS crews and the general management. Risk perception is a convenient tool to determine the comprehensiveness of the information security of an enterprise. It plays a key role both in the policy making of risk management and in the process of related communication within the enterprise.
LIN, CHEN-CHU, and 林宸竹. "An Information Security Risk Management System Considering Compliance and Risk Information Visualization." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/44401301548316036567.
National Taiwan University of Science and Technology
Department of Information Management
98
Considering security and convenience in information systems and services of organizations, organizations need to implement information security risk management processes to identify potential information security incidents and to evaluate the loss expectancy of the incidents. Consequently, organizations can adopt appropriate or cost-effective countermeasures to control the incidents. To establish risk management processes, an organization needs to maintain a huge amount of data about risks or potential incidents. Obviously, it would be tedious work to maintain the data. Therefore, this study proposes an information system, called Risk Patrol, for an organization to perform risk management processes. While many organizations establish information security management systems based on ISO 27001, the proposed system follows ISO 27005 to help organizations comply with the requirements about risk management in ISO 27001. In addition, the proposed system also provides an integrated view for managers or stakeholders of an organization to know the risks of the organization. The managers and stakeholders can then decide how to treat the risks based on the system. Therefore, the proposed system can contribute to improving organizational security.
Yu, Chih-Pin, and 游芷萍. "Risk management of information system outsourcing." Thesis, 2006. http://ndltd.ncl.edu.tw/handle/89142578935391114356.
National Taiwan University
Graduate Institute of Accounting
94
In this study, transaction cost theory and agency theory are applied to build the fundamental models of IT outsourcing risk management. In order to investigate how the attributes of organizations influence IT outsourcing risk, we integrate such attributes, i.e., asset specificity, uncertainty, measurement problems, proximity of core competencies, top management involvement, outsourcing experiences, choice of suppliers, strategy importance and IT capability, which organizations need to take into account. Furthermore, we separate the risk into three parts: the risk models of environmental factors, mutual relationship between both parties, and IT safety. A total of 1,287 private sector and corporate organizations were selected for the survey. 172 questionnaires were returned, 5 of which were incomplete. The return rate is 13.4% and the rate of valid returned questionnaires is 12.9%. We adopt a questionnaire to implement this empirical study. The results reveal the following characteristics: (1) In the risk model of environmental factors: the higher the uncertainty of IT outsourcing, the more risky the IT outsourcing. (2) In the model of mutual relationship between both parties: the higher the asset specificity, the more risky the IT outsourcing. (3) In the model of IT safety: the higher the IT capability, the more risky the IT outsourcing.
Mayer, Nicolas. "Model-based Management of Information System Security Risk." Phd thesis, 2009. http://tel.archives-ouvertes.fr/tel-00402996.
Our scientific approach consists of three successive steps. The first step aims to define a conceptual reference model for security risk management. The research method adopted bases the model on an in-depth study of the literature. The various risk management and/or security standards, a set of methods representative of the current state of practice, and the scientific work relating to the domain were analysed. The result is a semantic alignment grid of security risk management concepts, highlighting the key concepts involved in such an approach. The domain model of risk management is then built on this set of concepts. This model was reviewed with domain experts from the worlds of standardisation, risk management methods and science.
The second step of our research enriches this domain model with the different metrics used when applying a risk management method. The proposed approach combines two ways of determining the metrics. The first is the Goal-Question-Metric (GQM) method applied to our reference model. It makes it possible to focus on achieving the best return on security investment. The second enriches the metrics identified by the first approach through a literature study based on the standards and methods studied in the first step. These metrics were tried out on a real case, in the context of supporting an SME towards ISO/IEC 27001 certification.
Finally, in a third step, we identify in the literature a set of conceptual modelling languages for information security. These languages come mainly from the requirements engineering domain. They therefore make it possible to address security during the initial phases of information system design. We evaluated the conceptual support offered by each of them, and hence the gap to be filled in order to be able to fully model the different steps of risk management. The result of this work is a proposed extension of the Secure Tropos language and an approach for using this extension in the context of risk management, illustrated by an example.
Chiu, Chih-Yuan, and 邱智元. "Countering knowledge risk in information system development project." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/20776148835176142571.
國立中山大學
資訊管理學系研究所
100
Information system development (ISD) has long been treated as the process in which system developers craft an artifact to support business operation based on their special expertise. However, a significant portion of projects still fail because the developed outcome cannot fit users' needs or meet the predefined project schedule. Given that ISD is a knowledge-intensive process, a lack of sufficient knowledge has been identified as one critical risk which may harm the effectiveness of planning and control. By viewing ISD projects as a series of problem-solving processes in which ISD team members generate usable knowledge, based on available potential knowledge, to counter problems, this study aims at understanding how managers can adopt approaches to increase the availability of potential knowledge and build a team which can effectively transform available knowledge into usable form. Through incorporating those concepts into the research design, this study proposed a model to examine the impacts of those proposed approaches. An empirical survey methodology was adopted to collect the required data. PLS was then used to test the proposed research model. The results showed that problem-solving competence can benefit project performance, and that the organization practices, including member selection, training, knowledge management system and external resources, reduce the insufficient potential knowledge, and indicate the important moderating role of the knowledge transfer facilitators. The implications for academics and practitioners are also provided.
Wu, Cheng-Lung, and 吳政龍. "Establishing Outsourcing Selection risk Model of Information System Project: The case of Medical Information System." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/ex3f6d.
元培科學技術學院
經營管理研究所
95
Many studies and methods used to examine project development risks assume that lowering the risks, generally, will increase the chances of project success. This study attempts to improve the chances of success by combining project risk and multi-criteria decision-making (MCDM) with the information system project (ISP) selection model to determine the relative weights of initial risk criteria. We use the analytic network process (ANP) to calculate the risk weight values and establish the best efficiency ranking in the information system vendor model. The purpose of this effort is to provide primary administrators with a project decision-making model and exacting evaluation criteria that will help them choose the best information systems organization when outsourcing.
Lee, Chenyi, and 李振儀. "Security Risk Evaluation for Information System of Financial Holdings." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/42873926420848041727.
東吳大學
資訊管理學系
101
The goal of information security risk management is to protect the confidentiality, integrity and usability of information assets. It can prevent the occurrence of information security events and thereby ensure the sustainable development of the company. In order to understand the threats and vulnerabilities that an information system may meet, information security risk management should be implemented continuously. If we record the threats and vulnerabilities in a table manually and evaluate the risk, it will be time-consuming and error-prone. In this paper, taking a financial holding company as an example, we analyze the information flow in an information system based on a system with cross-selling characteristics. We then take the analyzed information flow data as the input data of the evaluation. Based on the structure of the logistics supply chain and with reference to information security risk evaluation, we can evaluate the information flow risk. The risk value is the probability of the event occurrence multiplied by the impact of the event. The probability of the event occurrence is decided by node connection type and structure. The unified impact value is transformed from curve fitting. We use MATLAB to implement the evaluation model and get the risk value by inputting source data. For the enhanced module, we estimate the improved event probabilities, input them into the module and recalculate the risk value. In addition, if the information flow nodes are changed, the risk value can also be recalculated immediately.