Creation of a Risk Assessment Methodology
KTH, School of Industrial Engineering and Management (ITM), Industrial Ecology.
2007 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

This report presents the work carried out during an internship at the consultancy division of Thales Security Systems from September 2005 to June 2006. Thales Security Systems is part of Thales, an international group in defence, aeronautics, etc.

The work consisted of creating a new risk assessment methodology for a commercial offer called HELP, which stands for Human, Environmental, Logical and Physical security. As a basis for the work, 5 existing risk assessment methodologies were studied, summarised and analysed:

- Integrated security risk assessment: a methodology created by Thales Security Systems but not used because of its complexity

- Ebios: a whole risk assessment methodology created by the French government

- Marion: more or less an audit questionnaire

- Audit questionnaire ISO 17799: an audit questionnaire created by Thales Security Systems

- A confidential methodology: a methodology of another company with interesting concepts

To complete this first work, many interviews were conducted with specialists in risk assessment and strategy:

- Counter-admiral Girard who insisted on the preliminary task of the definition of the mission and its limits, the return of experience as well as on the security frame of mind

- Guy Dubois for the maintenance of the security level year after year

- Thomas Lebouc for the tools used to apply the methodology

- Gérard Pesch regarding the commercial offer

- Yves le Dauphin for the human issues

Afterwards, the advantages and drawbacks of the studied methodologies were analysed to determine the essential characteristics that the new methodology needed to have. The new methodology was then created taking into account all these advantages, drawbacks and pieces of advice. It is a five-step methodology:

- Definition of the mission and its limits: determination of the objectives of the mission and its perimeter

- General analysis of the system: study of the system in its environment

- Risk analysis: determination of the threats, assets and vulnerabilities

- Protection standards: determination of the protection measures to implement

- Budget, action plans and implementation

Several tools were created to apply the methodology. They are necessary for the methodology to run well, as they help to show results clearly. These tools include, for example, a risk analysis board, a vulnerability audit questionnaire, diagrams, and protection standard sheets.

Place, publisher, year, edition, pages
2007. 64 p.
Series
Trita-IM, ISSN 1402-7615 ; 2007:13
National Category
Social Sciences Interdisciplinary
Identifiers
URN: urn:nbn:se:kth:diva-32801
OAI: oai:DiVA.org:kth-32801
DiVA: diva2:411977
Uppsok
Technology
Note
www.ima.kth.se
Available from: 2011-05-05. Created: 2011-04-20. Last updated: 2011-05-05. Bibliographically approved.

Open Access in DiVA

fulltext (829 kB), 549 downloads
File information
File name: FULLTEXT01.pdf
File size: 829 kB
Checksum SHA-512:
da503af1f678438ad8161ef2d146c460a51ed6e8cbfba22b6e27c77920333b3da67e2063e77a9b916d1f026a5237f42492d7263b9d1fc9f18a6cf690a969601a
Type: fulltext
Mimetype: application/pdf
