Evaluation of quantitative assessment extensions to a qualitative risk analysis method
Linköping University, Department of Computer and Information Science, Database and information techniques.
2017 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Alternative title
Utvärdering av kvantitativa bedömningsutvidgningar till en kvalitativ riskanalysmetod (Swedish)
Abstract [en]

The usage of information systems (IS) within organizations has become crucial. Information is one of the most vulnerable resources within an enterprise. Information can be exposed, tampered with or made inaccessible, so that its integrity, confidentiality or availability is affected. The ability to manage risks is therefore a central issue in enterprises today. In order to manage risks, the risks need to be identified and further evaluated. All kinds of threats with the possibility to negatively affect the confidentiality, integrity, or availability of the organization need to be reviewed. The process of identifying and estimating risks and possible measures is called risk analysis. There are two main categories of risk analysis, qualitative and quantitative. A quantitative method involves interpreting numbers from data and is based on objective inputs. A qualitative method involves interpreting subjective inputs such as brainstorming and interviews. A common approach is to apply a qualitative method; however, a lot of criticism has been raised against using subjective inputs to assess risks. Secure State is a consulting company with specialist expertise in the field of information security. They help their customers to build trust in the customers' systems and processes, making their customers' businesses operate with consideration to information security. One service offered by Secure State is risk analysis, and currently they perform qualitative risk analysis. Given all the criticism of a qualitative approach to assessing risks, this study developed a quantitative risk analysis method for Secure State. According to participants who attended a risk analysis where the developed quantitative risk analysis method was used, the quantitative risk analysis method improved the risk assessment.
Since risks and their effects are decomposed into smaller components in the proposed quantitative risk analysis method, interpretations of risks and their meaning were less likely to differ during assessments. Therefore, the common understanding of a risk increases, which increases the quality of the evaluation of risks. Furthermore, the usage of statistical data increases in the developed quantitative risk analysis method. Additionally, the quantitative method handles the fact that all data used is imperfect. The data is imperfect since it is used to describe the future, and the future has not happened yet.

Place, publisher, year, edition, pages
2017. p. 67
Keyword [en]
Risk analysis, Hybrid risk analysis, Quantitative risk analysis, Risk management, Risk assessment
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:liu:diva-143597
ISRN: LIU-IDA/LITH-EX-A--2017/001-SE
OAI: oai:DiVA.org:liu-143597
DiVA, id: diva2:1164662
External cooperation
Secure State
Subject / course
Computer Engineering
Available from: 2017-12-14 Created: 2017-12-11 Last updated: 2017-12-14 Bibliographically approved

Open Access in DiVA

File information
File name: FULLTEXT01.pdf
File size: 996 kB
Checksum SHA-512:
2dfed1c4b968aa536cb6520b27da5ebc960271ec6d986c51a346f6b441c11944c799cf59f8e15ad7040e6773baf41ee879ca42fe7de0d30b47f82cffc34bee47
Type: fulltext
Mimetype: application/pdf

Author/editor
Svensson, Louise