Publication type: | Conference: Paper |
Type of review: | Peer review (publication) |
Title: | Guttman scaling in the FMEA of IT security objectives in enterprises |
Author(s): | Mock, Ralf Günter; Kollmann, Eva; Straumann, Hugo; Ballhaus, Corin |
Proceedings: | Reliability, risk, and safety : theory and applications |
Page(s): | 1983 |
Pages to: | 1990 |
Conference details: | European Safety and Reliability Conference (ESREL 2009), Prague, Czech Republic, 7-10 September 2009 |
Publication date: | 2009 |
Publisher / Ed. Institution: | Taylor & Francis |
Publisher / Ed. Institution: | London |
ISBN: | 978-0-415-55509-8 |
Language: | English |
Keywords: | Audit; Tool; IT security; Risk assessment |
Subject (DDC): | 005: Computer programming, programs and data; 658.5: Production control |
Abstract: | On the strength of experience with risk analysis methodology in IT-operating enterprises, an approach has to be able to deal with limited resources. This prompts an analyst to perform a heuristic and biased approach, which is typically a questionnaire structured by an IT security standard. The difficulty is to draw up a limited set of concise IT security related questions, which result in meaningful outcomes for IT risk analysis purposes. In the proposed approach, the Code of Practice ISO/IEC 27002 is used to structure the analysis and to restrict the number of questions. The Code’s recommendations are rephrased and a Guttman scale is introduced for an IT security FMEA-like risk analysis approach. For frequency assessments it is assumed that an implemented high-level security measurement results in low frequencies of undesired events. The paper pictures the adapted IT-FMEA approach and presents the results of a feasibility study at Switzerland's leading telecom provider. |
URI: | https://digitalcollection.zhaw.ch/handle/11475/13316 |
Full-text version: | Published version |
License (according to publishing contract): | License according to publishing contract |
Department: | School of Engineering |
Organisational unit: | Institut für Informatik (InIT) |
Appears in collections: | Publications School of Engineering |
Files in this item:
There are no files associated with this item.
Mock, R. G., Kollmann, E., Straumann, H., & Ballhaus, C. (2009). Guttman scaling in the FMEA of IT security objectives in enterprises [Conference paper]. Reliability, Risk, and Safety : Theory and Applications, 1983–1990.
Mock, R.G. et al. (2009) ‘Guttman scaling in the FMEA of IT security objectives in enterprises’, in Reliability, risk, and safety : theory and applications. London: Taylor & Francis, pp. 1983–1990.
R. G. Mock, E. Kollmann, H. Straumann, and C. Ballhaus, “Guttman scaling in the FMEA of IT security objectives in enterprises,” in Reliability, risk, and safety : theory and applications, 2009, pp. 1983–1990.
MOCK, Ralf Günter, Eva KOLLMANN, Hugo STRAUMANN and Corin BALLHAUS, 2009. Guttman scaling in the FMEA of IT security objectives in enterprises. In: Reliability, risk, and safety : theory and applications. Conference paper. London: Taylor & Francis. 2009. pp. 1983–1990. ISBN 978-0-415-55509-8
Mock, Ralf Günter, Eva Kollmann, Hugo Straumann, and Corin Ballhaus. 2009. “Guttman Scaling in the FMEA of IT Security Objectives in Enterprises.” Conference paper. In Reliability, Risk, and Safety : Theory and Applications, 1983–90. London: Taylor & Francis.
Mock, Ralf Günter, et al. “Guttman Scaling in the FMEA of IT Security Objectives in Enterprises.” Reliability, Risk, and Safety : Theory and Applications, Taylor & Francis, 2009, pp. 1983–90.
All items in this repository are protected by copyright, unless otherwise indicated.