Publication type: Conference paper
Type of review: Peer review (publication)
Title: A second chance for risk assessment in IT system analysis?
Authors: Mock, Ralf Günter
Straumann, Hugo
Fischer, Andreas
Proceedings: Safety, reliability and risk analysis : beyond the horizon
Page(s): 2237
Pages to: 2244
Conference details: European Safety and Reliability Conference (ESREL 2013), Amsterdam, Netherlands, 30 September - 2 October 2013
Issue Date: 2014
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-1-138-00123-7
Language: English
Subjects: Risk analysis; IT security
Subject (DDC): 004: Computer science
Abstract: Engineering risk assessment approaches look back on a longtime success story. This development has not been repeated in Information Technology (IT). The paper outlines the diverging development of (risk) analysis as driven by operators of sites and of IT infrastructures. The limitation of IT approaches is exemplified by the IT trend of Bring Your Own Device at enterprises. There, Chief Information Officers (CIO) are key persons when deciding about usage and acceptance of any evaluation procedures. IT compliance checks and risk assessment approaches are discussed. In order to overcome their emerging weaknesses in the field, a two stage procedure in IT risk assessment is suggested: It starts with IT compliance checks to ensure basic protection of IT system operation. Second, a FMEA-like approach is adapted to cover non-standard processes further structured by engineering safety principles as Defence-in-Depth. The pros and cons of the procedure are discussed.
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Appears in collections: Publikationen School of Engineering
