Title: Guttman scaling in the FMEA of IT security objectives in enterprises
Authors : Mock, Ralf Günter
Kollmann, Eva
Straumann, Hugo
Ballhaus, Corin
Proceedings: Reliability, risk, and safety : theory and applications
Pages : 1983
Pages to: 1990
Conference details: European Safety and Reliability Conference, ESREL 2009, Prague, Czech Republic, 7-10 September 2009
Publisher / Ed. Institution : Taylor & Francis
Publisher / Ed. Institution: London
Issue Date: 2009
License (according to publishing contract) : Licence according to publishing contract
Type of review: Peer review (Publication)
Language : English
Subjects : Audit; Tool; IT security; Risk assessment
Subject (DDC) : 005: Computer programming, programs and data
658.5: Production management
Abstract: On the strength of experience with risk analysis methodology in IT-operating enterprises, an approach has to be able to deal with limited resources. This prompts an analyst to perform a heuristic and biased approach, which is typically a questionnaire structured by an IT security standard. The difficulty is to draw up a limited set of concise IT security related questions, which result in meaningful outcomes for IT risk analysis purposes. In the proposed approach, the Code of Practice ISO/IEC 27002 is used to structure the analysis and to restrict the number of questions. The Code's recommendations are rephrased and a Guttman scale is introduced for an IT security FMEA-like risk analysis approach. For frequency assessments it is assumed that an implemented high-level security measurement results in low frequencies of undesired events. The paper pictures the adapted IT-FMEA approach and presents the results of a feasibility study at Switzerland's leading telecom provider.
Departement: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Publication type: Conference Paper
ISBN: 978-0-415-55509-8
URI: https://digitalcollection.zhaw.ch/handle/11475/13316
Appears in Collections: Publikationen School of Engineering