Publication type: Conference paper
Type of review: Peer review (publication)
Title: ITRA:GUST : the Guttman scaling tool for supporting IT risk assessment audits
Authors: Mock, Ralf Günter
Aeschlimann, Philipp
Proceedings: Advances in safety, reliability and risk management : ESREL 2011
Page(s): 1336
Pages to: 1344
Conference details: European Safety and Reliability Conference (ESREL 2011), Troyes, France, 18-22 September 2011
Issue Date: 2012
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-0-415-68379-1
978-0-203-13510-5
Language: English
Subjects: Audit; FMEA; Risk assessment; IT security
Subject (DDC): 004: Computer science
658.5: Production management
Abstract: Optimising the way of questioning in check lists offers great potential to improve the quality of risk assessment surveys of IT infrastructures at enterprises. For this, staggered lists of IT security measurements are constructed (Guttman scales) whereas the Code of Practice ISO/IEC 27002 provides the objectives and recommendations relating to information security management in this regard. The FMEA approach finally structures the overall risk analysis process. A questionnaire/survey design using this "Best Practice FMEA" enables the analyst to represent the results in the form of matrices of measurements with regard to the Code's Objectives improving statistical analysis and validity. In this paper, the statistical evaluation process uses k-means. This is a nonhierarchical clustering method which is compared with hierarchical clustering methods. With regard to applicability, the k-means approach is found easier to implement at (small and medium-sized) enterprises. The representation of results is more comprehensive for complex databases. Apart from that, both clustering methods are equivalent as they group the Objectives in the same way. The results of a literature research show the placement of Best Practice FMEA among other IT risk assessment approaches, e.g. CRAMM and OCTAVE-S. Comparison criteria are derived from the ISO/IEC-Guide 73. It becomes apparent that Best Practice FMEA is most applicable at small-scale enterprises which are not fully covered by the other approaches. The paper finally shows the transfer of the previous paper-based approach into the novel web-based tool ITRA:GUST. The concepts of tool design and software architecture are presented. The closing remarks summarise and reason the method development of Best Practice FMEA and ITRA:GUST.
URI: https://digitalcollection.zhaw.ch/handle/11475/13323
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Computer Science (InIT)
Appears in collections: Publikationen School of Engineering

Mock, R. G., & Aeschlimann, P. (2012). ITRA:GUST : the Guttman scaling tool for supporting IT risk assessment audits [Conference paper]. Advances in Safety, Reliability and Risk Management : ESREL 2011, 1336–1344.