Publication type: Conference: Paper
Type of review: Peer review (publication)
Title: IT risk audit tool to enhance IT risk assessments
Author(s): Mock, Ralf Günter
Truninger, Benjamin
Brunner, Patrick
Pociuipa, Giedrius
Proceedings: Safety and reliability of complex engineered systems : ESREL 2015
Pages: 4029
Pages to: 4036
Conference details: 25th European Safety and Reliability Conference (ESREL 2015), Zurich, 7-10 September 2015
Publication date: 2015
Publisher / editing institution: Taylor & Francis
Publisher / editing institution: London
ISBN: 978-1-138-02879-1
978-1-315-64841-5
Language: English
Keywords: Risk audit; Information technology; Risk
Subject (DDC): 004: Computer science
Abstract: Risk assessment methodology offers many approaches for analysing systems of any kind. However, the established approaches do not fit the needs, resources and business framework of IT-operating enterprises very well, e.g., when offering internet-based services in the payment transaction industry. The paper introduces a supporting IT Risk Assessment methodology to evaluate and prioritise risks of complex business processes implemented as software systems. The resultant IT Risk Assessment Audit Tool is intended to support the semi-automated audit of a business process implemented in Java or any object-oriented language (source code). It analyses the source code and calculates likelihood and risk indicators based on UML classes. For this, the tool collects different complexity metrics for each class, calculates weighted indicators, accepts impact and mitigation inputs and displays the result in a prioritised list. The paper outlines fundamental concepts and calculations for IT risk evaluation by using UML Class Diagrams and software complexity metrics. Pros and cons of the approach and tool are discussed.
URI: https://digitalcollection.zhaw.ch/handle/11475/13317
Full-text version: Published version
License (according to publishing contract): License according to publishing contract
Department: School of Engineering
Organisational unit: Institut für Angewandte Informationstechnologie (InIT)
Appears in collections: Publikationen School of Engineering
