Change search
Refine search result
1 - 2 of 2
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Bergvall, Jacob
    et al.
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Svensson, Louise
    Linköping University, Department of Computer and Information Science. Linköping University, Faculty of Science & Engineering.
    Risk analysis review2015Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
    Abstract [en]

    The risk analysis process is the foundation of creating secure systems. An accurate and well defined risk analysis will therefore be a big help for any company, indicating what resources are needed and where they should be put to use. It can be difficult to know which risk analysis methodology to use given a set of parameters such as available resources, time, money etc. In this review we will introduce several different risk analysis methodologies and classify them using our risk analysis classification system. Our classification points out some of the pros and cons for each method, making it easier to choose the one best suited for a specific scenario. We will also connect the presented methods with real-world usage of said methods. To do this we have conducted interviews with IT-security experts at several major companies and we will present previous documented usage of risk analysis methods. Larger companies tend to develop their own methods for risk analysis, and smaller companies that do not have enough time or resources to develop their own methods are more likely to use already existing methods. With that said we believe that anyone that works with risk analysis could have use of our review.

  • 2.
    Svensson, Louise
    Linköping University, Department of Computer and Information Science, Database and information techniques.
    Evaluation of quantitative assessment extensions to a qualitative riskanalysis method2017Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    The usage of information systems (IS) within organizations has become crucial. Information is one of the most vulnerable resources within an enterprise. Information can be exposed, tampered or made non-accessible, where the integrity, confidentiality or availability becomes affected. The ability to manage risks is therefore a central issue in enterprises today. In order to manage risks, the risks need to be identified and further evaluated. All kind of threats with the possibility to negatively affect the confidentiality, integrity, or availability of the organization need to be reviewed. The process of identifying and estimating risks and possible measures is called risk analysis. There are two main categories of risk analysis, qualitative and quantitative. A quantitative method involves interpreting numbers from data and is based on objective inputs. A qualitative method involves interpreting of subjective inputs such as brainstorming and interviews. A common approach is to apply a qualitative method, however a lot of criticism has been raised against using subjective inputs to assessing risks. Secure State is a consulting company with specialist expertise in the field of information security. They help their customers to build trust in the customers systems and processes, making their customers businesses operate with consideration to information security. One service offered by Secure State is risk analysis, and currently they perform qualitative risk analysis. Given all criticisms against a qualitative approach for assessing risks, this study developed a quantitative risk analysis method for Secure State. According to participants, who attended at a risk analysis where the developed quantitative risk analysis method was used, the quantitative risk analysis method improved the risk assessment. Since risks and their effects are decomposed into smaller components in the proposed quantitative risk analysis method, interpretations of risks and their meaning during assessments less likely differed. Therefore, the common understanding of a risk increases, which makes the quality of the evaluation of risks increase. Furthermore, the usage of statistical data increases in the developed quantitative risk analysis method. Additionally, the quantitative method handles the fact that all data used is imperfect. The data is imperfect since it is used to describe the future, and the future has not happened yet.

1 - 2 of 2
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf