An Investigation and Evaluation of Risk Assessment Methods in Information systems

dc.contributor.authorChen, Feiquan
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)sv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineering (Chalmers)en
dc.description.abstractAs technology develops and information society becomes more and more popular, information systems are involved in almost every aspect of people’s life. One recent example is the uprising concept “Internet of things” that almost tries to solve everything within network and technology. With the convenience and benefits technology brings to us, risks also follow and threaten the environment we are enjoying. Wikileaks, NSA and Snowden, etc, those big dramas should make us more alert of those security issues and risks that we might encounter with information systems. In order to foresee the potential risks, predict the consequences and prepare the possible countermeasures, an exhaustive review into the risk assessment mechanisms we have today is needed. There are mainly three existing risk assessment methods: quantitative approach, qualitative approach and combined approach. This thesis makes a survey of the existing risk assessment methods (8 management tools, 2 technical tools, and 9 basic methods). It performs a comprehensive analysis and comparison between the different approaches, this involve reconstructing and grouping the surveyed methods according to their important factors, processing methods, and application environment. The weaknesses and benefits of the surveyed methods are discussed, and a risk assessment classification framework is proposed, dealing with risk assessment decision making or other related scenarios. Further, a systematic method is presented as an elaborate solution in the risk assessment field. Finally, the result of the study is considered in the broad picture of the risk assessment process design and implementation.
dc.subjectInformations- och kommunikationsteknik
dc.subjectData- och informationsvetenskap
dc.subjectInformation & Communication Technology
dc.subjectComputer and Information Science
dc.titleAn Investigation and Evaluation of Risk Assessment Methods in Information systems
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster Thesisen
local.programmeComputer systems and networks (MPCSN), MSc
Ladda ner
Original bundle
Visar 1 - 1 av 1
Bild (thumbnail)
3.09 MB
Adobe Portable Document Format