Publication type: Conference: Paper
Type of review: Peer review (publication)
Title: ITRA:GUST : the Guttman scaling tool for supporting IT risk assessment audits
Author(s): Mock, Ralf Günter
Aeschlimann, Philipp
Proceedings: Advances in safety, reliability and risk management : ESREL 2011
Page(s): 1336
Pages to: 1344
Conference details: European Safety and Reliability Conference (ESREL 2011), Troyes, France, 18-22 September 2011
Publication date: 2012
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-0-415-68379-1
978-0-203-13510-5
Language: English
Keywords: Audit; FMEA; Risk assessment; IT security
Subject (DDC): 004: Computer science
658.5: Production control
Abstract: Optimising the way of questioning in check lists offers great potential to improve the quality of risk assessment surveys of IT infrastructures at enterprises. For this, staggered lists of IT security measurements are constructed (Guttman scales) whereas the Code of Practice ISO/IEC 27002 provides the objectives and recommendations relating to information security management in this regard. The FMEA approach finally structures the overall risk analysis process. A questionnaire/survey design using this "Best Practice FMEA" enables the analyst to represent the results in the form of matrices of measurements with regard to the Code's Objectives improving statistical analysis and validity. In this paper, the statistical evaluation process uses k-means. This is a nonhierarchical clustering method which is compared with hierarchical clustering methods. With regard to applicability, the k-means approach is found easier to implement at (small and medium-sized) enterprises. The representation of results is more comprehensive for complex databases. Apart from that, both clustering methods are equivalent as they group the Objectives in the same way. The results of a literature research show the placement of Best Practice FMEA among other IT risk assessment approaches, e.g. CRAMM and OCTAVE-S. Comparison criteria are derived from the ISO/IEC-Guide 73. It becomes apparent that Best Practice FMEA is most applicable at small-scale enterprises which are not fully covered by the other approaches. The paper finally shows the transfer of the previous paper-based approach into the novel web-based tool ITRA:GUST. The concepts of tool design and software architecture are presented. The closing remarks summarise and reason the method development of Best Practice FMEA and ITRA:GUST.
URI: https://digitalcollection.zhaw.ch/handle/11475/13323
Full-text version: Published version
License (according to publishing contract): License according to publishing contract
Department: School of Engineering
Organisational unit: Institut für Informatik (InIT)
Appears in collections: Publikationen School of Engineering

Files in this resource:
There are no files associated with this resource.
Mock, R. G., & Aeschlimann, P. (2012). ITRA:GUST : the Guttman scaling tool for supporting IT risk assessment audits [Conference paper]. Advances in Safety, Reliability and Risk Management : ESREL 2011, 1336–1344.

