An Investigation and Evaluation of Risk Assessment Methods in Information systems

Master Thesis

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/215536
Type: Master Thesis
Title: An Investigation and Evaluation of Risk Assessment Methods in Information systems
Authors: Chen, Feiquan
Abstract: As technology develops and the information society becomes more and more popular, information systems are involved in almost every aspect of people's lives. One recent example is the rising concept of the "Internet of Things", which tries to solve almost everything with networks and technology. Along with the convenience and benefits that technology brings us, risks also follow and threaten the environment we are enjoying. Big dramas such as Wikileaks, the NSA and Snowden should make us more alert to the security issues and risks that we might encounter with information systems. In order to foresee the potential risks, predict the consequences and prepare possible countermeasures, an exhaustive review of the risk assessment mechanisms we have today is needed. There are mainly three existing risk assessment methods: the quantitative approach, the qualitative approach and the combined approach. This thesis surveys the existing risk assessment methods (8 management tools, 2 technical tools, and 9 basic methods). It performs a comprehensive analysis and comparison of the different approaches; this involves reconstructing and grouping the surveyed methods according to their important factors, processing methods, and application environment. The weaknesses and benefits of the surveyed methods are discussed, and a risk assessment classification framework is proposed for risk assessment decision making and other related scenarios. Further, a systematic method is presented as an elaborate solution in the risk assessment field. Finally, the result of the study is considered in the broad picture of risk assessment process design and implementation.
Keywords: Information & Communication Technology; Computer and Information Science
Issue Date: 2015
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/215536
Collection: Master Theses


