Дисертації з теми "Information system (IS) risk"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Information system (IS) risk.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-50 дисертацій для дослідження на тему "Information system (IS) risk".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Goto, Masato, Akira Hattori, Takami Yasuda, and Shigeki Yokoi. "Local Risk Management Information Sharing System." INTELLIGENT MEDIA INTEGRATION NAGOYA UNIVERSITY / COE, 2006. http://hdl.handle.net/2237/10438.
Повний текст джерела
2
Farahmand, Fariborz. "Developing a Risk Management System for Information Systems Security Incidents." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/7600.
Повний текст джерелаАнотація:
The Internet and information systems have enabled businesses to reduce costs, attain
greater market reach, and develop closer business partnerships along with improved
customer relationships. However, using the Internet has led to new risks and concerns.
This research provides a management perspective on the issues confronting CIOs and IT
managers. It outlines the current state of the art of information security, the important
issues confronting managers, security enforcement measure/techniques, and potential
threats and attacks. It develops a model for classification of threats and control measures.
It also develops a scheme for probabilistic evaluation of the impact of security threats
with some illustrative examples. It involves validation of information assets and
probabilities of success of attacks on those assets in organizations and evaluates the
expected damages of these attacks. The research outlines some suggested control
measures and presents some cost models for quantifying damages from these attacks and
compares the tangible and intangible costs of these attacks. This research also develops a
risk management system for information systems security incidents in five stages: 1-
Resource and application value analysis, 2- Vulnerability and risk analysis, 3-
Computation of losses due to threats and benefits of control measures, 4- Selection of
control measures, and 5- Implementation of alternatives. The outcome of this research
should help decision makers to select the appropriate control measure(s) to minimize
damage or loss due to security incidents. Finally, some recommendations for future work
are provided to improve the management of security in organizations.
3
Mpanza, Brian Vusumuzi. "Evaluation of Transwerk Risk Management Information System." Thesis, Stellenbosch : Stellenbosch University, 2005. http://hdl.handle.net/10019.1/50346.
Повний текст джерелаАнотація:
Thesis (MPhil)--Stellenbosch University, 2005.ENGLISH ABSTRACT: In the last decade, the use of computers has proliferated the industrial arena in South Africa. Due to frequent changes in computer programs and developments in the computing field, users have often been adversely affected. Users experience problems with computer programs that are not user friendly. Usability is about satisfying the user needs by allowing the user to accomplish their goals quickly, efficiently and easily. Thus it is crucial that industries invest in computer programs that offer optimum usability. In this research an attempt is made to provide a framework for methodology that can be used to test and evaluate usability in the Transwerk Risk Management Information System, that is Computer Assisted Risk Management Systems (CARMS). I first consider the difference between unusable and usable programs. Usability properties are then identified including properties enhancing effectiveness, efficiency, flexibility, laemability and attitude of the computer program. The CARMS components or modules and users were identified. Usability problems were identified that cause the users to be selective and discouraged to use other components of CARMS. To further verified and address the usability problems identified, the whole program needs to be tested and evaluated. The methodology was laid for how to do usability testing and evaluation in computer program that are currently in use like CARMS. Benefits and limitations of testing and evaluating usability were detailed in this research. It is recommended that, testing and evaluating usability should be done to prevent errors, dissatisfaction and to improve usability of the CARMS program.
AFRIKAANSE OPSOMMING: In die laaste dekade het die gebruik van rekenaars uitgebrei in die industriele arena in Suid-Afrika. Weens gereelde veranderings in rekenaar programme en ontwikkellings in die informatika veld is gebruikers gereeld nadelig geraak. Gebruikers ervaar probleme met rekenaar programme wat nie gebruikersvriendelik is nie. Bruikbaarheid het te make met bevrediging van gebruikersbehoeftes deur hulle in staat te stel om hulle doelwitte vinnig, doelmatig en maklik te bereik. Dit is dus van kritiese belang dat industriee investeer in rekenaar programme wat optimale bruikbaarheid bied. In hierdie navorsing word gepoog om 'n raamwerk vir metodologie wat gebruik kan word om die bruikbaarheid van die "Transwerk Risk Management Information System" (dit is "Computer Assisted Risk Management Systems" of CARMS) te toets en te evalueer. Ek bespreek eerstens die verskil tussen onbruikbare en bruikbare programme. Bruikbaarheidseienskappe word dan geidentifiseer, insluitend eienskappe wat doeltreffendheid, doelmatigheid, buigsaamheid, aanleerbaarheid en houding van die rekenaar program verbeter. Die CARMS komponente of modules en gebruikers is geidentifiseer. Bruikbaarheidsprobleme is geidentifiseer wat veroorsaak dat gebruikers selektief raak en ontmoedig raak om ander komponente van CARMS te gebruik. Om verder die geidentifiseerde bruikbaarheidsprobleme te verifieer en adreseer moet die hele program getoets en evalueer word. Die metodologie is vasgele waarvolgens bruikbaarheidstoetsing en evaluasie van rekenaar programme wat tans in gebruik is (soos CARMS) gedoen kan word. Voordele en beperkings van bruikbaarheidstoetsing en -evaluasie is in hierdie navorsing vervat. Dit word aanbeveel dat bruikbaarheidstoetsing en -evaluasie gedoen moet word om foute en ontevredenheid te voorkom en om die bruikbaarheid van die CARMS program te verbeter.
4
Svinčiaková, Ľudmila. "Posouzení informačního systému podniku služeb a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2012. http://www.nusl.cz/ntk/nusl-232610.
Повний текст джерелаАнотація:
The paper focuses on a company which is currently in a difficult situation because of the escalation of problems with established information system. The company must also confront the problems with the introduction of a new program supporting core business processes. The only IT company employee often gets in the situations he is unable to solve practically or because of little time time. The aim of this work was to analyse established information system, identify its weaknesses, where there are risks and propose measures to improve and eliminate the identified risks. Own analysis of the information system through interviews with selected staff is followed up with questionnaire methods of ZEFIS portal. After finding the gaps and analysis of the identified risks the measures to eliminate the risks, recommendations for improvement and correcting the shortcomings of the system have been proposed.
5
Oren, Gadi. "A probabilistic approach to risk management in mission-critical information technology infrastructure." Thesis, Massachusetts Institute of Technology, 2008. http://hdl.handle.net/1721.1/43115.
Повний текст джерелаАнотація:
Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2008.Includes bibliographical references (p. 111-112) and index.
In the nuclear, aerospace and chemical industries, the need for risk management is straightforward. When a system failure mode may cause a very high cost in lives or economic value, risk management becomes a necessity. In its short history, Information Technology (IT) came to be a crucial part and sometimes the platform of business activities for many large companies such as telecommunication or financial services organizations. However, due to scale and complexity, risk management methods used by other industries are not widely applied in IT.In this thesis, we investigate how probabilistic risk assessments methods used in other industries can be applied to IT network environments. A comparison is done using a number of possible approaches, improvements to these approaches are suggested, and different tradeoffs are discussed. The thesis examines ways to apply probabilistic risk assessment to a Service Oriented Architecture environment (where each service is an application or a business process that depends on other services, local and networked resources) to estimate the service reliability, availability, expected costs over time and the importance measures of elements and configurations. Finally, a method of performing cost benefit analysis is presented to estimate the implication of changing the services-supporting infrastructure, while taking into consideration the varying impact of different services to the business.A case study is used to demonstrate the methods suggested in the thesis. The case study compares four different configurations, showing how equipment failure and human error can be placed into a single framework and addressed as a single system. The implications and application of the results are discussed and recommendations for further research are provided.
by Gadi Oren.
S.M.
6
Radtke, Stephen W. "An analysis of the XYZ/ABC Company's risk control management information system." Online version, 1999. http://www.uwstout.edu/lib/thesis/1999/1999radtkes.pdf.
Повний текст джерела
7
Lurain, Sher. "Networking security : risk assessment of information systems /." Online version of thesis, 1990. http://hdl.handle.net/1850/10587.
Повний текст джерела
8
Conforti, Raffaele. "Managing risk in process-aware information systems." Thesis, Queensland University of Technology, 2014. https://eprints.qut.edu.au/77828/1/Raffaele_Conforti_Thesis.pdf.
Повний текст джерелаАнотація:
This research contributes a fully-operational approach for managing business process risk in near real-time. The approach consists of a language for defining risks on top of process models, a technique to detect such risks as they eventuate during the execution of business processes, a recommender system for making risk-informed decisions, and a technique to automatically mitigate the detected risks when they are no longer tolerable. Through the incorporation of risk management elements in all stages of the lifecycle of business processes, this work contributes to the effective integration of the fields of Business Process Management and Risk Management.
9
Alem, Mohammad. "Event-based risk management of large scale information technology projects." Thesis, De Montfort University, 2013. http://hdl.handle.net/2086/11392.
Повний текст джерелаАнотація:
Globalisation has come as a double-edged blade for information technology (IT) companies; providing growth opportunities and yet posing many challenges. Software development is moving from a monolithic model to a distributed approach, where many entities and organisations are involved in the development process. Risk management an important area to deal with all the kinds of technical and social issues within companies planning and programming schedules, and this new way of working requires more attention to be paid to the temporal, socio-cultural and control aspects than before. Multinational companies like IBM have begun to consider how to address the distributed nature of its projects across the globe. With outlets across the globe, the company finds various people of different cultures, languages and ethics working on a single and bigger IT projects from different locations. Other IT companies are facing the same problems, despite there being many kinds of approaches available to handle risk management in large scale IT companies. IBM commissioned the Distributed Risk Management Process (DRiMaP) model as a suitable solution. This model focused on the collaborative and on-going control aspects, and paid attention to the need for risk managers, project managers and management to include risk management into all phases of projects and the business cycle. The authors of the DRiMaP model did not subject it to extensive testing. This research sets out to evaluate, improve and extend the model process and thereby develop a new and dynamic approach to distributed information systems development. To do this, this research compares and contrasts the model with other risk management approaches. An Evolutionary Model is developed, and this is subjected to empirical testing through a hybrid constructive research approach. A survey is used to draw out the observations of project participants, a structured interview gathered the opinions of project experts, a software tool was developed to implement the model, and SysML and Monte Carlo methods were applied to this to simulate the functioning of the model. The Evolutionary Model was found to partially address the shortcomings of the DRiMaP model, and to provide a valuable platform for the development of an enterprise risk management solution.
10
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Повний текст джерелаАнотація:
Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
11
Salvati, Domenico. "Management of information system risks." Berlin dissertation.de, 2008. http://d-nb.info/995975035/04.
Повний текст джерела
12
Joubert, Janine. "Embedding risk management within new product and service development of an innovation and risk management framework and supporting risk processes, for effective risk mitigation : an action research study within the Information and Communication Technology (ICT) Sector." Doctoral thesis, University of Cape Town, 2016. http://hdl.handle.net/11427/20367.
Повний текст джерелаАнотація:
At first glance, innovation and risk management seem like two opposing disciplines with diverse objectives. The former seeks to be flexible and encourages enhanced solutions and new ideas, while the latter can be seen as stifling such innovative thinking. Since there is a failure rate of as many as eight out of every ten products launched, it is perhaps necessary for organisations to consider applying more structured approaches to innovation, in order to better manage risks and to increase the chances of delivering improved goods and services. A risk management approach is well suited to address the challenge of failure, as it focuses not only on the negative impact of risks but also on the opportunities they present. It aligns these with the strategic objectives of the organisation to increase the chances of its success. The research objective of this study was to establish how to embed risk management within the innovation divisions of an organisation to ensure that more efficient products and services are delivered to customers. To achieve this end, action research was conducted in a large organisation operating in a high-technology environment that launches many diverse products and services and rapidly expanding service offerings to other industries. The study took four years to complete and delivered multiple interventions that successfully embedded risk management within the organisation, leading to changed behaviours and double-loop learning. Two main knowledge contributions are offered by the study. Firstly, a generic and empirically validated integrated Innovation and Risk Management Framework (IRMF) is developed and guides new product and service development by considering both best practices and risks. Secondly, a risk dashboard is designed as a design science artefact within the action research cycles, which consolidates all the knowledge that was generated during the study. This is ultimately a visual interface to support stage-gate decision making. Since the context of the study was broad, extensive and complicated, the use of mixed-method research complemented and expanded on the findings by providing another layer of support and validation. This thesis highlights the complexity of innovation and presents the need for an organising framework that will encourage innovation but is sufficiently flexible to cater for diverse needs and risks. The study delivers several other, valuable contributions regarding what, how and why incidents occur within the real-world context of new product and service development. Several generic artefacts, such as risk processes and maturity frameworks, are also developed, which can guide risk and new product and service development practitioners to deliver more efficient product and services. This study offers several novel approaches to evaluating risks and provides practical support and recommendations, addressing shortcomings of fragmented research in similar, but smaller-scale studies that have been conducted in information systems. It is the premise of this research that a much wider number of risks need to be managed as new products and services are developed, than was noted in previous studies. Effective risk management in new product and service development could lead to competitive advantage for organisations by increasing knowledge and facilitating sustainable, informed risk decision-making.
13
Baker, Wade Henderson. "Toward a Decision Support System for Measuring and Managing Cybersecurity Risk in Supply Chains." Diss., Virginia Tech, 2017. http://hdl.handle.net/10919/85128.
Повний текст джерелаАнотація:
Much of the confusion about the effectiveness of information security programs concerns not only how to measure, but also what to measure — an issue of equivocality. Thus, to lower uncertainty for improved decision-making, it is first essential to reduce equivocality by defining, expanding, and clarifying risk factors so that metrics, the "necessary measures," can be unambiguously applied. We formulate a system that (1) allows threats to be accurately measured and tracked, (2) enables the impacts and costs of successful threats to be determined, and (3) aids in evaluating the effectiveness and return on investment of countermeasures. We then examine the quality of controls implemented to mitigate cyber risk and study how effectively they reduce the likelihood of security incidents. Improved control quality was shown to reduce the likelihood of security incidents, yet the results indicate that investing in maximum quality is not necessarily the most efficient use of resources. The next manuscript expands the discussion of cyber risk management beyond single organizations by surveying perceptions and experiences of risk factors related to 3rd parties. To validate and these findings, we undertake in an in-depth investigation of nearly 1000 real-world data breaches occurring over a ten-year period. It provides a robust data model and rich database required by a decision support system for cyber risk in the extended enterprise. To our knowledge, it is the most comprehensive field study ever conducted on the subject. Finally, we incorporate these insights, data, and factors into a simulation model that enables us study the transfer of cyber risk across different supply chain configurations and draw important managerial implications.Ph. D.
14
Rose, Brett Tyler. "Tennessee Rockfall Management System." Diss., Virginia Tech, 2005. http://hdl.handle.net/10919/29263.
Повний текст джерелаАнотація:
The Rockfall Management System developed for Tennessee DOT (TennRMS)integrates a customized rockfall risk rating system, web-based GIS application, and rockfall database to provide a robust single interface for interacting with rock slope information. The system should prove to be a valuable tool for the proactive management of rock slopes. The most important use of the system will be to identify and prioritizing rock slopes with the greatest potential for rockfall in order to provide decision makers with all the necessary information they need to plan remediation efforts. Over time, TennRMS can be used to track costs and effectiveness of different remediation methods used on problem rock slopes.
Three papers have been developed for publication in peer reviewed journals. The papers describe the work done in support of developing Tennessee's Rockfall Management System (TennRMS) and its components. The system can be described by its conceptual framework and actual implemented components. Asset management incorporating risk & decision analysis and knowledge management makes up the conceptual framework. The system components include a field data collection system using PDA's, a rockfall database and a web-based GIS interface. The papers articulate the development and implementation of the various components and to provide a detailed review of rockfall management systems as implemented over the past 15 years.Ph. D.
15
Abdulrazzaq, Mohammed, та Yuan Wei. "Industrial Control System (ICS) Network Asset Identification and Risk Management". Thesis, Högskolan i Halmstad, Akademin för informationsteknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-38198.
Повний текст джерелаАнотація:
Setting against the significant background of Industrial 4.0, the Industrial Control System (ICS) accelerates and enriches the upgrade the existing production infrastructure. To make the infrastructures “smart”, huge parts of manual operations have been automated in this upgrade and more importantly, the isolated controlled processes have been connected through ICS. This has also raised the issues in asset management and security concerns. Being the starting point of securing the ICS, the asset identification is, nevertheless, first dealt by exploring the definition of assets in the ICS domain due to insufficient documentation and followed by the introduction of ICS constituents and their statuses in the whole network. When the definition is clear, a well-received categorization of assets in the ICS domain is introduced, while mapping out their important attributes and their significance relating the core of service they perform. To effectively tackle the ever-increasing amount of assets, identification approaches are compared and a case study was performed to test the effectiveness of two open source software. Apart from the identification part, this thesis describes a framework for efficient asset management from CRR. The four cyclic modules proposed give an overview on how the asset management should be managed according the dynamics of the assets in the production environment.
16
Ikram, N. "The management of risk in information systems development." Thesis, University of Salford, 2000. http://usir.salford.ac.uk/26725/.
Повний текст джерелаАнотація:
Despite impressive advances in technology and a plethora of Information Systems development methods there remain plentiful stories of Information Systems project failure. Risk Management promises a positive impact on Information Systems Development and has raised hopes of alleviating such problems This thesis summarises the earlier literature on the topic of Risk and Risk Management. It reports the results of an empirical study into the Management of Risk in Information Systems Development and provides both a better understanding of Risk Management in Information Systems Development and suggestions for the improvement of the theory and practice of Risk Management in Information System Development. In the review of the relevant literature about Risk, Risk Management, and Information Systems Risk Management, the thesis describes the essential concepts of the notion of Risk The suggested methods and practices of Risk Management in Information Systems Development are reviewed and critiqued and this lays down the basis for an empirical exploration, which includes a questionnaire survey. The empirical study undertaken investigates the nature of risks, current risk management practices, and their effect on Information Systems Development in the UK The study shows that there is a lack of rigorous research into Risk Management. The current literature provides useful knowledge and guidelines on Risk Management, but many of the claims made in the literature have no empirical validation. According to the empirical findings, the application of Risk Management to Information Systems Development is not a common practice. Furthermore, the positive effect of Risk Management on Information Systems Development is not very high and practitioners hold
17
Wong, Michael Men How. "Risk assessment and risk allocation in IS/IT private finance initiative projects." Thesis, University of Bath, 1999. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.301527.
Повний текст джерела
18
Veljkovic, Ivan. "BYOD: Risk considerations in a South African organisation." Master's thesis, University of Cape Town, 2018. http://hdl.handle.net/11427/29850.
Повний текст джерелаАнотація:
In recent times, while numerous organisations have difficulty keeping abreast with the frequent year-on-year technology changes, their employees on the other hand, continue to bring their personal devices to work to more readily access organisational data. This concept is known as Bring Your Own Device (BYOD). Studies have demonstrated that the introduction of BYOD commonly has a positive effect on both organisation and employees: increased optimism, job satisfaction and productivity are some of the perceived positive effects. Furthermore, BYOD can improve employees’ opportunities for mobile working and assist with the work flexibility they seek. This phenomenon, however, is still not well understood. In the South African context, this refers particularly to an inadequate understanding of risks associated with the introduction of BYOD into organisations. Some of the risks associated with this phenomenon are, for instance, related to information security, legislation and privacy issues. Hence, the intention of this research was to investigate, determine and assess BYOD risk considerations in a South African organisation. Using the available literature on this subject and an interpretative exploratory case study approach, this research explored various facets of BYOD-related risks (e.g. implementational, technological, legislation, regulation and privacy risks, human aspects and organisational concerns) as well as the impact these risks may have on both employees and an organisation. The organisation under investigation – from this point onward referred to as “Organisation A” – is a South African based information technology (IT) security consulting and service management organisation, which has seen increased expansion in its business and thus an increase in the number of its employees utilising their personal devices at the workplace. Even so, Organisation A was uncertain regarding possible risks that might hinder benefits of BYOD. Hence, this researcher defined the main research question as “What are the risks of introducing the BYOD in the South African organisation and what is an effective approach to address identified risks?”. The main objective was to identify and describe BYOD-related risks and to propose an appropriate model for addressing these risks. To answer the main research question, this researcher reviewed the applicable literature on the BYOD, including the limited South African literature pertaining to the subject. The review elicited the most common BYOD-related risks but also some models, frameworks and standards that may be applied for addressing these risks. Based on these revelations, an applicable BYOD risk management model was created and proposed. The literature review findings were subsequently tested in the empirical setting (in Organisation A) by conducting comprehensive interviews with research participants. This research adopted a qualitative approach in general and a case study methodology in particular. The collected data were analysed using the interpretative phenomenological analysis (IPA), which aided in providing a comprehensive understanding of the interviewees’ responses regarding the BYOD risks. The interviewees were selected based on a purposeful (pre-defined) sampling. The results of this interpretative research suggest that the interviewees’ responses are closely aligned with the information on BYOD risks collected from the pertinent literature. The results show that successful introduction and usage of BYOD in the studied organisation requires the implementation of mixed risk management measures: technological (e.g. mobile device management and its additional components), non-technological (e.g. IT or BYOD security policies), the usage of general risk management frameworks (e.g. ISO 27001), the development of an organisational security culture and skilling of the human factor (e.g. employee awareness, training and education, for example). Additionally, it was found that participation of employees in the development of BYOD policies is an essential and effective tactic for transforming a fragile BYOD risk link (i.e. employees) into a strong risk prevention mechanism. Furthermore, this research also revealed that in the South African context, it is important that an organisation’s BYOD security policies are sound, preferably meeting the POPI Act requirements and thereby avoiding legislation risks. The contribution of this research is twofold: first academic, and second, practical. The academic contribution is realised by adding to the body of knowledge on the BYOD risks – most particularly in terms of understanding potential risks when introducing BYOD in the South African context. The practical contribution manifests through the provision of detailed risk considerations and mitigation guidelines for organisations wishing to introduce BYOD practices or considering ways to improve their current BYOD risk management strategy. It is acknowledged that this research has some limitations, particularly in regard to the limited generalisation of the findings due to the limited sample provided by only one organisation. Although the results are not necessarily applicable to other South African organisations, these limitations did not impact the relevance and validity of this research.
19
Crosara, Alessandro. "Calculating the Risk of Power Shortage in the Nordic Power System." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-235201.
Повний текст джерелаАнотація:
In the near future, the decommissioning of large power plants is planned in the Nordicelectric power system, due to environmental and market reasons. This will be counteredby an increase in the wind power installed capacity, as well as by signicant investmentsin the transmission system. In such a context, characterized by several changes, theNordic power system might face reliability challenges.This thesis aims to calculate the risk of power shortage in the dierent price areas whichconstitute the Nordic power system, for three dierent scenarios: a base scenario 2015,scenario 2020, and scenario 2025. Dierent case studies, focusing on the Nordic powersystem and on some of its subsystems, are investigated. The reliability evaluation whichis carried out follows a probabilistic approach, by means of Monte Carlo simulations.Crude Monte Carlo, as well as an advanced variance reduction technique { namely Cross-Entropy based Importance Sampling (CEIS) { are applied and compared. An alternativesampling method based on stratied sampling is presented too.The starting point of this thesis is Viktor Terrier's 2017 Master thesis, \North EuropeanPower Systems Reliability" [1]. Model-wise, among the other improvements, load andwind power are sampled in a dierent way to account for the correlation between them.Data-wise, more realistic assumptions are made and more accurate data are used, thanksalso to the collaboration with Sweco Energuide AB, Department of Energy Markets.From the model perspective, it is concluded that CEIS outperforms crude Monte Carlowhen simulating small to medium size systems, but it cannot be successfully appliedwhen simulating large and very reliable systems like the Nordic system as a whole. Thepresented alternative sampling method can however be used for such cases. From thenumerical-results perspective, the drawn conclusion is that the Nordic power system isestimated to become more reliable by years 2020 and 2025. Even if partly intermittent,more generation capacity is expected to be available, and thanks to the signicant investmentswhich are planned in the transmission system, it will be possible to eectivelytransmit more power where needed, regardless of the area where it has been generated.The thesis is carried out at KTH Royal Institute of Technology, Department of ElectricPower and Energy Systems, in collaboration with Sweco Energuide AB, Department ofEnergy Markets, within the frame of the North European Energy Perspectives Project(NEPP).På grund av miljöoch marknadsförhållanden, planeras kommande år nedläggningenav stora kraftverk i det nordiska elsystemet. För att ersätta dessa krävs ett ökat antal vindkraftverk, men även stora investeringar i elöverföringssystemet. Denna övergång kan ställa det nordiska elsystemet inför tillförlitlighetsutmaningar.Denna avhandling har till syfte att beräkna risken för effektbrist i de olika prisområdena som utgör det nordiska elsystemet, för tre olika scenarier: ett referensscenario som motsvarar läget under 2015, scenario 2020 och scenario 2025. Olika fallstudier utförs med fokus på det nordiska elsystemet och några av dess delsystem. Tillförlitlighetsanalysen i denna avhandling är baserad på sannolikhetsmetoder och utförs med hjälp av Monte Carlo simuleringar. Både enkel Monte Carlo och en avancerad variansreduktionsteknik, den så kallade Cross-Entropy-baserade samplingsmetoden (CEIS)tillämpas och jämförsmed varandra. presenteras.Ä ven en alternativ samplingsmetod baserad på stratifierad samplingUtgångspunkten för denna avhandling är Viktor Terriers examensarbete från 2017, med titeln “Nordeuropeiska elsystemets tillförlitlighet” [1]. I den förbättrade modellen presenterad i denna rapport ingår bland annat en förbättrad samplingsmetod för last och vindkraft, som även tar hänsyn till korrelationen mellan dessa parametrar. Tack vare samarbetet med energimarknadsavdelningen på Sweco Energuide AB, har även noggrannheten i de data som används, och de antaganden som dessa baseras på förbättrats.Ur ett modellperspektiv, dras slutsatsen att CEIS levererar bättre resultat jämfört med Monte Carlo när små och medelstora system simuleras, men kan inte användas för att simulera stora och högt tillförlitliga system, såsom det nordiska elsystemet. För sådana fallstudier kan emellertid den presenterade alternativa samplingsmetoden tillämpas. Ur det numeriska resultatperspektivet dras slutsatsen att tillförlitligheten med det nordiska elsystemet förväntas öka fram till 2020 och 2025. Trots en delvis oregelbunden produktion, kommer den installerade produktionskapaciteten att vara högre, och tack vare stora planerade investeringar i överföringssystemet, kommer den producerade elektriska effekten att kunna transporteras till områden där den behövs, oavsett var den genereras.Detta examensarbete har utförts vid avdelningen för elkraftteknik på Kungliga Tekniska Högskolan (KTH), i samarbete med energimarknadsavdelningen på Sweco EnerguideAB, inom ramen för North European Energy Perspectives Project (NEPP).
20
Papšys, Kęstutis. "Methodology of development of cartographic information system for evaluation of risk of extreme events." Doctoral thesis, Lithuanian Academic Libraries Network (LABT), 2013. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2013~D_20130220_160846-94374.
Повний текст джерелаАнотація:
The thesis describes the methodology of evaluation of extreme events and development of cartographic information system for this purpose. Existing complex risk assessment systems in the world are analysed highlighting their advantages and disadvantages. Author proposes original integrated risk assessment methodology based on integration of information from different geographic data sources. A cartographic information system designed by the author allows for the assessment of extreme events threats and risks. The developed methodology includes methodology of cartographic information system component development and deployment. The work describes necessary extreme events data, methods of their collection and database design principles. The created model enables the user to collect the data on extreme hazard events and to aggregate several threats into a single synthetic threat. The concepts of risks and threats and risk assessment methodology are explained. The author introduces project of an information system operating in the Lithuanian Geographic Information Infrastructure and integrated in the Lithuania spatial information portal. The system is tested with several consistent spatial data sets for Lithuania. The thesis presents experimental results that show increased geological and meteorological risk areas in Lithuania. Finally, methodological and practical conclusions about the methods and system customization, reliability and compliance with standards are presented.Disertacijoje aprašoma ekstremalių įvykių vertinimo kartografinės informacinės sistemos kūrimo metodologija. Analizuojamos pasaulyje egzistuojančios kompleksinės rizikos vertinimo sistemos išryškinami jų trūkumai ir privalumai. Atliktos analizės pagrindu sukuriama originali daugeliu duomenų šaltinių pagrįsta kompleksinio rizikos vertinimo metodologija ir aprašoma autoriaus suprojektuota informacinė sistema leidžianti vertinti ekstremalių įvykių grėsmes ir riziką. Sukurta metodologija apima kartografinės informacinės sistemos sudedamųjų dalių kūrimo ir diegimo metodiką. Aprašomi sistemos veikimui reikiamų duomenų tipai, jų surinkimas, ekstremalių įvykių duomenų bazės kaupimo principai, sukuriamas ekstremalių įvykių grėsmių skaičiavimo ir kelių grėsmių apjungimo į vieną sintetinę grėsmę modelis. Aprašomas rizikos ir grėsmės santykis ir rizikos vertinimo metodologija. Disertacijoje taip pat pateikiama visos sistemos, veikiančios Lietuvos geografinės informacijos infrastruktūroje, ir integruotos Lietuvos erdvinės informacijos portale projektas. Sistema išbandyta su Lietuvoje pasiekiamais ir realiai egzistuojančiais erdvinių duomenų rinkiniais. Pateikiami eksperimento metu gauti rezultatai, rodantys padidintų geologinių ir meteorologinių rizikos rajonus Lietuvoje. Darbo pabaigoje pateikiamos metodologinės ir praktinės išvados apie metodų ir sistemos pritaikymą, patikimumą ir atitikimą standartams.
21
Katsargyri, Georgia-Evangela. "Individual and systemic risk trade-offs induced by information barriers in the financial system." Thesis, Massachusetts Institute of Technology, 2017. http://hdl.handle.net/1721.1/108995.
Повний текст джерелаАнотація:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2017.Cataloged from PDF version of thesis.
Includes bibliographical references (pages 87-91).
Investment diversification is a risk management technique that allows to create balanced portfolios that achieve a certain rate of return on one's investment, within a certain risk allowance. Despite the advantages it offers to investors, diversification has been strongly debated in the aftermath of the global financial crisis of 2007-2009, because it is believed to have potential adverse effects on systemic risk. In this thesis, we specifically investigate the adverse effects that limited information availability of investors, and the diversification choices they make due to that information, may have on the systemic risk of the financial system as a whole. Information availability here is seen as the level of awareness for each agent of the available options he can employ in order to diversify his portfolio in the given market, examined in terms of two so-called "information barriers": a) assets accessibility, representing private and public information offered to each investor about the available assets in the market, b) agents diversifiability, representing the agent's experience in processing this information in order to make better diversification decisions. Building on an existing stylized financial system model, we enrich it by partitioning the assets and the investors according to their accessibility and diversifiability respectively. Our contribution is threefold; we demonstrate a tradeoff between individual diversification activity and systemic risk induced by the two information barriers, we provide analytical characterization and numerical representation of the conditions under which diversification activity under limited information may amplify systemic risk and finally we observe and highlight a discrepancy that is created between actual and perceived risk for increasing level of information availability in the system.
by Georgia-Evangelia Katsargyri.
Ph. D.
22
Hansson, Sanna. "Ett smidigt hjälpmedel eller en internetberoende risk? : Molnlagring ur privatpersoners perspektiv." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17358.
Повний текст джерелаАнотація:
Molnlagring som tjänst är något som ökat stort de senaste åren och allt fler går över till att lagra sina filer i molnet, både företag och privatpersoner. Forskningen inom området har även den blivit populär. Ett stort antal undersökningar finns att tillgå om hur molnet fungerar, olika säkerhetsrisker samt om hur företag tjänar på att lagra sin information online istället för lokalt. Men få undersökningar finns som rör privatpersoner, och ännu färre om hur användarna själva ser på tjänsten. Den här studien syftar till att ta reda på vad privatpersoner tycker om molntjänstlagring, och vad de anser vara viktiga fördelar och nackdelar. Den har genomförts med hjälp av intervjuer för att få en djupare förståelse för deras tankar och åsikter. Resultatet av studien visar ett antal fördelar respektive nackdelar. Åsikterna kring fördelar är ganska entydiga och det är tydligt vad som anses vara viktigast. Nackdelarna är snarare oro för olika scenarier som skulle kunna inträffa och är betydligt mer spridda. Här syns också att respondenternas it-vana har en stor betydelse för vad personen fokuserar på och oroar sig för.
23
Straka, Václav. "Posouzení efektivnosti informačního systému ve firmě zabývající se lokalizací a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2021. http://www.nusl.cz/ntk/nusl-446773.
Повний текст джерелаАнотація:
This diploma thesis deals with the review of the current state of the information system in the firm, which focuses on localisation. The paper defines theoretical terms which are necessary to in order to understand the area of information systems with regard to its structure and operating. The environment of the firme is described together with the analysis of the information systém in use. With the information collected from the analyses and the questionere we are able to identify the risk areas. The identified risks are treated on the basis of severity by proposing changes and then economically evaluated.
24
Zeman, Jan. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2013. http://www.nusl.cz/ntk/nusl-232757.
Повний текст джерелаАнотація:
This diploma thesis analyzes the information system named TDoC, which is operated at company Siemens, s.r.o., Industrial Turbomachinery, subsidiary company. The theoretical part focuses on defining the theory and history of information systems and databases, as well as on the description of the risk analysis. The aim of this work is to analyze the current state of information system, assessment of the condition, finding risks and propose measures to improve the current situation and elimination the risks.
25
Pantelopoulos, Alexandros A. "¿¿¿¿¿¿¿¿¿¿¿¿PROGNOSIS: A WEARABLE SYSTEM FOR HEALTH MONITORING OF PEOPLE AT RISK." Wright State University / OhioLINK, 2010. http://rave.ohiolink.edu/etdc/view?acc_num=wright1284754643.
Повний текст джерела
26
Němec, Milan. "Návrh informačního systému." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-399950.
Повний текст джерелаАнотація:
The diploma thesis deals mainly with the design of a structured proposal of information strategy of an insurance broker company, based on an analysis of the current state of specific processes of the selected organization and their optimization with the aim of designing the structure and requirements for a new information system. Emphasis is also placed on change management, designing time and content schedules, and managing related risks.
27
Srivastava, Siddhartha. "D-GRIP : DNA genetic risk information profile : A genotype analysis system to predict a genetic risk profile for an individual." Thesis, University of British Columbia, 2007. http://hdl.handle.net/2429/32186.
Повний текст джерелаАнотація:
New genotyping technologies are producing reliable results with far greater coverage and at dramatically lower cost than previously possible. Given the rapid new discovery of disease associated markers and the new technology for determining the nucleotide sequences of key positions in the DNA of an individual, it is now feasible to apply existing knowledge to generate personalized analyses of genetic risk for diverse diseases. DNA Genetic Risk Information Profile (D-GRIP) is a genotype analysis software system that determines an individual's genetic risk profile given a genotype. The prototype web tool can take, as input, up to a million observed genotypes from single nucleotide positions known to be polymorphic in a human population. The submitted genotype data are compared to a database of disease associated single nucleotide polymorphisms (SNPs) and an output is generated, reporting disease-associated variants for which the individual has a predicted modified risk. An evaluation of D-GRIP was performed through the direct surveying of potential users of such a system - users such as clinicians, genetic counselors and genetics researchers. Due to ethical issues related to providing a genetic risk profile, the prototype system is kept closed to the general public and reserved for research into the utility and requirements of such software. The major conclusions drawn direct attention towards the key limitations presently precluding the creation of personalized genetic risk assessment. The lack of computationally exploitable resource for disease associated genetic variants, the inherent statistical complexities involved with risk calculation for large-scale genotyping data and the limited understanding of interactions between genes, environment and complex diseases, are all key factors that need to be overcome in order to create a practical genetic risk assessment tool.Science, Faculty of
Graduate
28
Anderson, Alison Mary. "The object-oriented modelling of information systems security risk." Thesis, Queensland University of Technology, 1997.
Знайти повний текст джерела
29
Al-Hassany, Ibrahim. "Applying the ENISA IT Risk Assessment for Cloud Computing on Small & Medium Enterprises. A Case Study of Policy/Organizational, Technical and Legal Risks." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-48922.
Повний текст джерела
30
Sundahl, Mark Jack. "Automating the basic configuration of IPMI interfaces : To reduce the risk of misconfiguration." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-18754.
Повний текст джерелаАнотація:
In this report the lack of basic security of IPMI devices when freshly received from the manufacturer will be discussed and analysed. Furthermore, the rest of the report will focus on attempting to find a solution on how to automate configuration of IPMI devices (and iDRACs due to hardware being borrowed from Ericsson Linköping) to avoid misconfigurations and to change the default credentials shipped. Three proposed workflows will be implemented and compared, and a fourth is further proposed in this report. All three workflows prove to work but the first using OME is found being slower, needing an additional license per iDRAC and require manual intervention while the other two workflows works fully automated. Considering how the three first workflows all require AutoConfig regardless of the rest of the steps the second workflow is recommended as its way faster than the other two methods. In theory the fourth workflow would be even better as it does not require AutoConfig to work nor would it necessarily only work for iDRACs but work for any IPMI device which supports the REDFISH API. Lastly getting better basic security should be something that the manufacturers should strive for as it only strengthens their brand and should they do so in the future then this automation may be unnecessary but could be repurposed to change any setting in the IPMI device.
31
Al-Shehab, Abdullah. "Causal and cognitive mapping methods for the identification of risk in information system development projects." Thesis, University of Brighton, 2007. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.443557.
Повний текст джерела
32
Černohorský, Michal. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2014. http://www.nusl.cz/ntk/nusl-233061.
Повний текст джерелаАнотація:
This diploma thesis deals with assessment of the organization's information system. This work is divided into two parts. The first part addresses theoretical description of the information systems and the definition of risks. The second part addresses the objectives of this work, which is the analysis of the current condition of the organization’s information system, identification of risks and suggestions of changes that aims to improve the current state of system and to eliminate discovered risks.
33
Blinn, Christopher Michael. "Creation of a Spatial Decision Support System as a Risk Assessment Tool Based on Kentucky Tornado Climatology." TopSCHOLAR®, 2012. http://digitalcommons.wku.edu/theses/1153.
Повний текст джерелаАнотація:
Tornadoes are one of Mother Nature’s deadliest phenomena. They affect a large region of the United States. The risk of tornadoes is contingent on dynamic atmospheric conditions that are most likely during spring but which can occur anytime of the year, making the storms challenging to forecast. Using geographical information systems (GIS), a web-based spatial decision support system (SDSS) was created to help understand the spatial dimension of tornado risk assessment. The risk values are calculated using Tornado Days rather than taking a crude density measurement. The SDSS hosts GIS web services that are displayed on an Adobe Flex application. The web application allows users to view, research, query and extract information from the attributes of the GIS files. There is also a dynamic risk tool which gives users the ability to click anywhere inside the study area and get the percentage of risk that a tornado will occur within 25 miles of that very point. The web application eliminates users and viewers from conducting their own research and GIS work. In addition, automated updating models and macros were created to update the tornado database on an annual basis.
34
Parinyavuttichai, Nipon. "Risk management in information systems development in a Thai context." Thesis, University of Sheffield, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.574532.
Повний текст джерелаАнотація:
Information Systems (IS) risks have been known as one of the main reasons that contribute to IS project failure. Effective management of IS risks is therefore important for the success in IS project management. Most current literature tries to identify and describe the characteristics of IS risks and risk management concept from a snapshot view. However, some argues that without a comprehensive understanding of the risk management concept through a holistic approach, i.e., process approach, little may be known about how to effectively manage IS risks. Hence, the main purpose of this study is to examine the risk management concept in IS projects. It seeks to explore how IS risks emerge during information systems development (ISD) processes, and to understand how risk management approaches are used to manage the situations of IS risks. An interpretive case study was used to illustrate how IS risks are managed during four IS projects, i.e., NLT, RPAF, 3D, and e-Paperless project. The key participants tram these projects were interviewed and asked to provide the information about ISD and risk management in their project. The information collected from the field and the relevant project documents were then analysed by using a process model and thematic analysis. The results of each case were compared and contrasted. The findings of this study suggest that by nature IS risks are dynamic meaning that they change over time, unpredictable, and emerge from situations in the project. And this is due to four conditions: antecedent conditions, contextual factors, activities in ISD phase, and escalation theories. Moreover, due to the dynamic nature of IS risks, this study stresses the importance of the systematic risk management as opposed to the risk management based on ad-hoc basis generally adopted by most IS project teams. Particularly, it is found that when systematic risk management processes are implemented, IS risks can be more thoroughly examined and managed. In addition, the study identifies and describes the effective risk management processes and key limitations of risk management by the project development teams. The outcome of this study contributes to the existing knowledge in IS area. In particular, this study identifies and explains the dynamic nature of IS risks, suggests the effective risk management processes and constraints of the current risk management processes, and propose an alternative risk management framework with respect to the changing nature of IS risks. In addition, methodologically the study is among the first to use the thematic analysis with the process model to holistically explain risk management in the IS projects. This study has implications for IS researchers and practitioners in a number of ways. IS researchers may use this study as a template to further investigate IS risks and risk management from the dynamic point of view. Similarly, IS practitioners may learn how to improve risk management performance by avoiding the conditions that trigger IS risk emergence. Besides, they may implement effective risk management strategies and approaches suggested in this study to alleviate the situations of IS risks and risk emergence from their projects. Since this study is conducted only in Thai-based IS projects, the results of this study need to be validated against the projects in the different contexts to see how well the outcome of this study can explain the risk management concept in the different contexts. Also, this research is based on the exploratory nature whose main objective is to explore and describe the situations of risks and risk management in the chosen IS projects. Therefore, the findings may disappoint those who seek theory development from this study as the findings may not always be generalisable to every IS project context.
35
Newman, William Arthur. "Risk/threat based analysis auditing in advanced management information systems." Thesis, University of Canterbury. Accounting and Information Systems, 1986. http://hdl.handle.net/10092/3761.
Повний текст джерелаАнотація:
This dissertation discusses the growth of auditing and internal control and
evaluates the present degree of knowledge and the current and future roles of
auditors in a computer-based environment. An analysis of the current state of
computer-based auditing is presented along with current research in audit and
security methodologies is presented and critiqued. The concept of System
Metrics is formulated and defined and a computer-audit analysis system called
the Risk Evaluation Model (REM) is created, described and utilized. The Risk
Evaluation Model is an interactive set of programs written in FORTRAN which
assesses Information Systems for a variety of attributes to judge the "quality" of a
system. Currently the system assesses:
1. Portability of the System;
2. Maintainability of the System;
3. Complexity of the System;
4. Known threats to the System and known Features neutralizing
those threats;
5. The General System Security Level; and
6. The Hardware Reliability of the System.
The model is currently implemented on the Prime 750 computer.
36
Branagan, Mark Allan. "A risk simulation framework for information infrastructure protection." Thesis, Queensland University of Technology, 2012. https://eprints.qut.edu.au/51006/1/Mark_Branagan_Thesis.pdf.
Повний текст джерелаАнотація:
Information communication and technology (ICT) systems are almost ubiquitous in the modern world. It is hard to identify any industry, or for that matter any part of society, that is not in some way dependent on these systems and their continued secure operation. Therefore the security of information infrastructures, both on an organisational and societal level, is of critical importance.
Information security risk assessment is an essential part of ensuring that these systems are appropriately protected and positioned to deal with a rapidly changing threat environment. The complexity of these systems and their inter-dependencies however, introduces a similar complexity to the information security risk assessment task. This complexity suggests that information security risk assessment cannot, optimally, be undertaken manually. Information security risk assessment for individual components of the information infrastructure can be aided by the use of a software tool, a type of simulation, which concentrates on modelling failure rather than normal operational simulation. Avoiding the modelling of the operational system will once again reduce the level of complexity of the assessment task. The use of such a tool provides the opportunity to reuse information in many different ways by developing a repository of relevant information to aid in both risk assessment and management and governance and compliance activities. Widespread use of such a tool allows the opportunity for the risk models developed for individual information infrastructure components to be connected in order to develop a model of information security exposures across the entire information infrastructure.
In this thesis conceptual and practical aspects of risk and its underlying epistemology are analysed to produce a model suitable for application to information security risk assessment. Based on this work prototype software has been developed to explore these concepts for information security risk assessment. Initial work has been carried out to investigate the use of this software for information security compliance and governance activities. Finally, an initial concept for extending the use of this approach across an information infrastructure is presented.
37
Štrba, Matej. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444569.
Повний текст джерелаАнотація:
This diploma thesis deals with the assessment of the information system of the company SAbis Logistics s.r.o. The current system is analyzed using various analyzes and based on the results of the analyzes, changes to the information system are proposed, which should lead to streamlining the company's processes.
38
Mitevová, Vanesa. "Výběr informačního systému pro účetní firmu." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2020. http://www.nusl.cz/ntk/nusl-433349.
Повний текст джерелаАнотація:
This diploma thesis deals with the selection of a suitable information system, which should help to streamline business processes and adapt to the competition. The information system is selected for the accounting office ProfiAccount s.r.o. based on their predetermined needs and requirements. The first part of the thesis devotes the theoretical basis to acquaint readers with the issue of information and communication technologies. The second part analyzes the current state of the system in the company based on selected analyzes. The most important part is the selection of the system itself on the basis of content, business and technical criteria. The diploma thesis is supplemented by risk analysis, which is an integral part of every project and process.
39
Saeed, Muhammad, and Mehmood Ziauddin. "A Structured Approach for Evaluating Risk Impacts in IT Projects." Thesis, Mälardalen University, School of Sustainable Development of Society and Technology, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-782.
Повний текст джерелаАнотація:
Date: 12-June-2008
Authors: Muhammad Saeed – 760721
Västerås – Sweden
Mehmood Ziauddin – 830730
Västerås – Sweden
Title: A Structured Approach for Evaluating Risk Impacts in IT Projects
Introduction: Risk is an integral part of any project and it’s more appropriate to say for IT because it is changing with a very fast pace. Different surveys, reports and researches show astonishing statistics about the risks in IT projects. Through proper risk assessment techniques most of the uncertainties can be reduced while initiating, implementing and improving IT projects. Different authors talk about different risks and different strategies to respond to them. It becomes difficult at times to keep in check all the risks. Often risk management is over hyped, and often it’s totally neglected. Their needs to be a balanced approached in risk management.
Problem: How a structured approach will be beneficial for an organization in assessing risk impacts on IT Projects?
Purpose: The aim of this report is to develop and analyze a structured approach which will permit an organization in identifying & categorizing risks and measuring their impact on IT Projects.
Method: Exploratory research approach is used and data collection is done using secondary sources. Our thesis is qualitative research based. Qualitative research is the one which is not relying on statistical data as compared to quantitative research.
Besides our text books and study material, the main source of information was internet databases and university library from where we read different articles, thesis and books. Majority of the material studied was collected from Mälardalen University Library’s online databases like, Elin@Mälardalen, Compendex, Emerald and Ebrary. We also consulted some books which we got by inter-library loan from Mälardalen University.
Conclusion: With the help of Remenyi’s approach for categorizing risks and Applegate’s approach of measuring risk impact, we have managed to develop a structured approach and reached a conclusion that proper identification and categorizing of risks can be very beneficial for an organization in numerous ways. This systematic way assists top management, project managers, IT & non IT Personnel is taking preemptive measures for managing risks. The benefits it brings is that it gives an equal understanding within the organization and this structured approach gives an in-depth and clear understanding of the risks associated with IT projects.
40
Vavrová, Jaroslava. "Návrh informačního systému." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318345.
Повний текст джерелаАнотація:
This master's thesis is focused on the design of the project and the subsequent implementation of the information system into the newly created e-commerce. In the theoretical part, I describe the chosen company and the problematics which I encountered to during this thesis and conversely in practical part I propose a concrete solution tailored to the monitored company. My thesis's goal is to design information system, so it was connected to e-shop, warehouse, accounting and the other necessary elements.
41
Couraud, Jason R. "Risk Perception in Online Communities." DigitalCommons@USU, 2014. https://digitalcommons.usu.edu/etd/3898.
Повний текст джерелаАнотація:
Online communities have become a part of everyday life for many people. The members of the communities use them to keep in touch with family and friends, do business, look for jobs, play games, and more, both savory and unsavory. The ease of sharing personal information comes with the subsequent risk of having that information exposed publically or even stolen. The purpose of this study was to explore how much awareness of the risks affects a person’s decision to post personal information to an online community.
Chapter I introduces the concepts and issues that will be investigated by this paper. Chapter II is a review of the literature on risk. Chapter III explains the model that was developed and used determine the relationships between risk perception, attitude, fear, and information revelation. Chapter IV explains the methods used to gather the data and what data was gathered. Chapter V contains the analysis of the data collected. Chapter VI contains the conclusion drawn from the data, implications for the research, and directions for future research.
42
Thöni, Andreas, Alfred Taudes, and A. Min Tjoa. "An information system for assessing the likelihood of child labor in supplier locations leveraging Bayesian networks and text mining." Springer Nature, 2018. http://dx.doi.org/10.1007/s10257-018-0368-0.
Повний текст джерелаАнотація:
This paper presents an expert system to monitor social sustainability compliance in supply chains. The system allows to continuously rank suppliers based on their risk of breaching sustainability standards on child labor. It uses a Bayesian network to determine the breach likelihood for each supplier location based on the integration of statistical data, audit results and public reports of child labor incidents. Publicly available statistics on the frequency of child labor in different regions and industries are used as contextual prior. The impact of audit results on the breach likelihood is calibrated based on expert input. Child labor incident observations are included automatically from publicly available news sources using text mining algorithms. The impact of an observation on the breach likelihood is determined by its relevance, credibility and frequency. Extensive tests reveal that the expert system correctly replicates the decisions of domain experts in the fields supply chain management, sustainability management, and risk management.
43
Njenga, Kennedy Nduati. "Conceptualising improvisation in information security risk management activities : a South Africa case study." Doctoral thesis, University of Cape Town, 2009. http://hdl.handle.net/11427/5664.
Повний текст джерелаАнотація:
Includes abstract.Includes bibliographical references (leaves 286-299).
The aim of this research was to understand how functionalist approaches and the incremental approaches are manifested in ISRM activities. New insights and meaning to the ISRM activities were presented when the incrementalist approaches to ISRM and the functionalist approaches to ISRM were examined holistically. Improvisation, for the purpose of this research, was used to explain this holistic understanding.
44
Sun, Jean-huan, and 孫震寰. "Information Security Risk Assessment of Bancassurance Information System." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/53053857178291666972.
Повний текст джерелаАнотація:
碩士銘傳大學
風險管理與保險學系碩士在職專班
97
Information technology has been a key role in organizations and enterprises of nowadays to bring better operation efficiencies. As the internet is making accessing to information easier, it is also exposing the enterprises to higher risks. The report from III is indicating that information security is crucial to the operation of financial institutions. The Bancassurance in Taiwan now have become a significant selling channel for insurance products in last decade. Admirably, the banks and its subsidiaries like China Trust Insurance Brokers Co., overwhelmed all the insurance companies in premium commission income since 2004. Bancassurance, and its information security are therefore becoming worthwhile topics for related research. This article brings an extensive evaluation over 46 bancassurance agencies. The survey introduced the process developed by Taiwan’s Ministry of Economic Affairs for assessing the security level of information systems in SME. This article intends to discover the major elements that a comprehensive security strategy should be taking care of in its development process. The interactions of these elements are also explored. Both the methodologies of quantitative (with frequency and damage estimation) and descriptive (for risk perception) are used in the survey. A summary is developed for how to strategize the information security policy with evaluation results. The survey indicates the network security brings the most problems to the overall information security, while the government regulation brings the least. The survey also finds higher the damage that a problem causes, more the awareness from the administrator of it. The survey shows the MIS managers and staffs have insufficient knowledge with information security. They very often under-estimate the probability and damage of network security problems, and over-estimate the influences from other elements. For the Information security strategy of Taiwan’s bancassurance enterprises, this article suggests ‘prevention’ policy to deal with problems in computer security, business application systems and network security, ‘prevention’ and ‘transferring’ policy for problems of staff security and outsource management, and ‘acceptance’ policy for requirement of regulations. It is highly recommended to reinforce the knowledge level of MIS crews and the general management. Risk perception is a convenient tool to determine the comprehensiveness of information security of an enterprise. It plays key role both in the policy making of risk management, and also in the process for related communication within the enterprise.
45
LIN, CHEN-CHU, and 林宸竹. "An Information Security Risk Management System Considering Compliance and Risk Information Visualization." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/44401301548316036567.
Повний текст джерелаАнотація:
碩士國立臺灣科技大學
資訊管理系
98
Considering security and convenience in information systems and services of organizations, organizations need to implement information security risk management processes to identify potential information security incidents and to evaluate loss expectancy of the incidents. Consequently, organizations can adopt appropriate or cost-effective countermeasures to control the incidents. To establish risk management processes, an organization needs to maintain huge amount of data about risks or potential incidents. Obviously, it would be a tedious work to maintain the data. Therefore, this study proposes an information system, called Risk Patrol, for an organization to perform risk management processes. While many organizations establish information security management systems based on ISO 27001, the proposed system follow ISO 27005 to help organizations to comply the requirements about risk management in ISO 27001. In addition, the proposed system also contributes to provide an integrated view for managers or stakeholders of an organization to know risks of the organization. The managers and stakeholders can then decide how to treat the risks based on the system. Therefore, the proposed system can contribute to improve organizational security.
46
Yu, Chih-Pin, and 游芷萍. "Risk management of information system outsourcing." Thesis, 2006. http://ndltd.ncl.edu.tw/handle/89142578935391114356.
Повний текст джерелаАнотація:
碩士國立臺灣大學
會計學研究所
94
In this study, transaction cost theory and agency theory are applied to build the fundamental models of IT outsourcing risk management. In order to investigate how the attributes of organizations influence IT outsourcing risk, we integrates such attributes i.e., asset specificity, uncertainty, measurement problems, promixity of core competencies, top management involvement, outsourcing experiences, choice of suppliers, strategy importance and IT capability, which organizations need to take into account. Furthermore, we separate the risk into three parts: the risk models of environmental factors, mutual relationship between both parities, and IT safety. There are 1,287 private sector and corporate were selected to conduct the survey. 172 questionnaires were returned, 5 of them were incomplete. The percentage of return rate is 13.4% and the valid returned questionnaires is 12.9 %. We adopt questionnaire to implement this empirical study. The results reveal the following characteristics: (1) In the risk model of environmental factors: the higher the uncertainty of IT outsourcing, the more risky the IT outsourcing. (2) In the model of mutual relationship between both parities: the higher the asset specificity, the more risky the IT outsourcing. (3) In the model of IT safety: the higher the IT capability, the more risky the IT outsourcing.
47
Mayer, Nicolas. "Model-based Management of Information System Security Risk." Phd thesis, 2009. http://tel.archives-ouvertes.fr/tel-00402996.
Повний текст джерелаАнотація:
Durant les vingt dernières années, l'intérêt pour la sécurité lors du développement et l'exploi\-tation des systèmes d'information n'a cessé de croître. Les méthodes de gestion des risques de sécurité sont des outils méthodologiques, qui aident les organisations à prendre des décisions rationnelles sur la sécurité de leur système d'information. Les retours d'expérience sur l'utilisation de telles approches montrent une réduction considérable des pertes liées aux problèmes de sécurité. Aujourd'hui, ces méthodes sont généralement construites autour d'un processus bien structuré. Cependant, le produit issu des différentes étapes de la gestion des risques est encore très largement informel et souvent pas assez analytique. Ce manque de formalisme est un frein à l'automatisation de la gestion des informations relatives aux risques. Un autre inconvénient des méthodes actuelles est qu'elles sont généralement destinées à évaluer a posteriori comment les systèmes d'information déjà existants gèrent les risques, et sont difficilement applicables a priori, pendant la conception de tels systèmes. Enfin, chaque méthode utilisant souvent une terminologie qui lui est propre, il est difficile de combiner plusieurs méthodes afin de profiter des points forts de chacune. Afin de répondre aux problèmes mentionnés ci-dessus, notre contribution propose une approche basée sur la modélisation de la gestion des risques, utilisable dans les phases amont de conception de systèmes d'information. Cette approche est fondée sur une étude des concepts propres au domaine.Notre démarche scientifique se compose de trois étapes successives. La première étape vise à définir un modèle conceptuel de référence relatif à la gestion des risques de sécurité. La méthode de recherche adoptée propose de fonder le modèle sur une étude approfondie de la littérature. Les différents standards de gestion des risques et/ou de sécurité, un ensemble de méthodes représentatives de l'état actuel de la pratique, ainsi que les travaux scientifiques se rapportant au domaine, ont été analysés. Le résultat est une grille d'alignement sémantique des concepts de la gestion des risques de sécurité, mettant en évidence les concepts-clés intervenant dans une telle démarche. Sur base de cet ensemble de concepts est ensuite construit le modèle du domaine de la gestion des risques. Ce modèle a été confronté aux experts du domaine, provenant du monde de la standardisation, des méthodes de gestion des risques et du monde scientifique.
La deuxième étape de notre recherche enrichit ce modèle du domaine avec les différentes métriques utilisées lors de l'application d'une méthode de gestion des risques. La démarche proposée combine deux approches pour la détermination des métriques. La première est la méthode Goal-Question-Metric (GQM) appliquée sur notre modèle de référence. Elle permet de se focaliser sur l'atteinte du meilleur retour sur investissement de la sécurité. La seconde enrichit les métriques identifiées par la première approche, grâce à une étude de la littérature basée sur les standards et méthodes étudiés lors de la première étape. Une expérimentation sur un cas réel de ces métriques a été réalisée, dans le cadre de l'accompagnement d'une PME vers la certification ISO/IEC 27001.
Enfin, dans une troisième étape, nous relevons dans la littérature un ensemble de langages de modélisation conceptuelle de la sécurité de l'information. Ces langages sont issus essentiellement du domaine de l'ingénierie des exigences. Ils permettent donc d'aborder la sécurité lors des phases initiales de la conception de systèmes d'information. Nous avons évalué le support conceptuel proposé par chacun d'eux et donc le manque à combler afin d'être à même de modéliser intégralement les différentes étapes de la gestion des risques. Le résultat de ce travail permet de formuler une proposition d'extension du langage Secure Tropos et une démarche d'utilisation de cette évolution dans le cadre de la gestion des risques, illustrée par un exemple.
48
Chiu, Chih-Yuan, and 邱智元. "Countering knowledge risk in information system development project." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/20776148835176142571.
Повний текст джерелаАнотація:
碩士國立中山大學
資訊管理學系研究所
100
Information system development (ISD) has long been treated as the process that system developers craft an artifact to support business operation based on their special expertise. However, a significant portion of projects still have failed because the developed outcome cannot fit users’ needs or meet predefined project schedule. Given that ISD is a knowledge intensive process, a lack of sufficient knowledge has been identified as one critical risk which may harms the effectiveness of planning and control. By viewing ISD projects as a series of problem solving process in which ISD team members generate usable knowledge, based on available potential knowledge, to counter problem, this study aims at understanding how managers can adopt approaches to increase the availability of potential knowledge and build a team which can effectively transform available knowledge into usable form. Through incorporating those concepts into research design, this study proposed a model to examine the impacts of those proposed approaches. An empirical survey methodology was adopted to collect required data. PLS was then used to test the proposed research model. The results showed that problem solving competence can benefit project performance, and the organization practices, including member selection, training, knowledge management system and external resources, reduce the insufficient potential knowledge, and indicate the important moderating role of the knowledge transfer facilitators. The implications toward academic and practitioner are also provided.
49
Wu, Cheng-Lung, and 吳政龍. "Establishing Outsourcing Selection risk Model of Information System Project: The case of Medical Information System." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/ex3f6d.
Повний текст джерелаАнотація:
碩士元培科學技術學院
經營管理研究所
95
Many studies and methods used to examine project development risks assume that lowering the risks, generally, will increase the chances of project success. This study attempts to improve the chances of success by combining project risk and the multi-criteria decision-making (MCDM) with the information system project (ISP) selection model to determine the relative weights of initial risk criteria. We use the analytic network process (ANP) to calculated the risk weight values and established the best efficiency ranking in the information system vendor model. The purpose of this effort is to provide primary administrators with a project decision-making model and exacting evaluation criteria that will help them choose the best information systems organization when outsourcing.
50
Lee, Chenyi, and 李振儀. "Security Risk Evaluation for Information System of Financial Holdings." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/42873926420848041727.
Повний текст джерелаАнотація:
碩士東吳大學
資訊管理學系
101
The goal of information security risk management is to protect the confidentiality, integrity and usability of information assets. It can prevent the occurrences of information security events and then ensure the sustainable development of company. In order to understand the threat and vulnerability that information system may meet, information security risk management should be implemented continuously. If we record the threat and vulnerability in table manually and evaluate the risk, it will be time-consuming and easy to make mistake. In this paper, take financial holding for example, we analyze the information flow in a information system based on the system with cross-selling characteristics. Then take the analyzed information flow data as the input data of evaluation. Base on the structure of logistics supply chain and refer to information security risk evaluation, we can evaluate the information flow risk. The risk value is the probability of the event occurrence multiplied the impact of the event. And the probability of the event occurrence is decided by node connection type and structure. The unified impact value is transformed from curve fitting. We use MATLAB to implement the evaluation model and get the risk value by inputting source data. For enhanced module, we estimate the improved event probability, input them into module and recalculate the risk value. In addition, if the information flow nodes are changed, the risk value also can be recalculated immediately.