Publication type: Conference paper
Type of review: Peer review (publication)
Title: IT risk audit tool to enhance IT risk assessments
Authors: Mock, Ralf Günter; Truninger, Benjamin; Brunner, Patrick; Pociuipa, Giedrius
Proceedings: Safety and reliability of complex engineered systems : ESREL 2015
Pages: 4029
Pages to: 4036
Conference details: 25th European Safety and Reliability Conference (ESREL 2015), Zurich, 7-10 September 2015
Issue Date: 2015
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-1-138-02879-1; 978-1-315-64841-5
Language: English
Subjects: Risk audit; Information technology; Risk
Subject (DDC): 004: Computer science
Abstract: The risk assessment methodology offers many approaches to analyse systems of any kind. However, the established approaches do not fit the needs, resources and business framework of IT-operating enterprises very well, e.g., when offering internet-based services in the payment transaction industry. The paper introduces a supporting IT Risk Assessment methodology to evaluate and prioritise risks of complex business processes implemented as software systems. The resultant IT Risk Assessment Audit Tool is intended to support the semi-automated audit of a business process implemented in Java or any object-oriented language (source code). It analyses the source code and calculates likelihood and risk indicators based on UML classes. For this, the tool collects different complexity metrics for each class, calculates weighted indicators, accepts impact and mitigation inputs and displays the result in a prioritised list. The paper outlines fundamental concepts and calculations for IT risk evaluation by using UML Class Diagrams and software complexity metrics. Pros and cons of the approach and tool are discussed.
URI: https://digitalcollection.zhaw.ch/handle/11475/13317
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Appears in collections: Publikationen School of Engineering