Management of information system risks

Bibliographic details
Main author: Salvati, Domenico 1968- (Author)
Format: Thesis Book
Language: English
Published: Berlin Dissertation.de 2009
Series: Dissertation.de 1550
Subjects:
Online access: Content text
Detailed description
Table of contents

MARC

LEADER 00000nam a2200000 cb4500
001 BV035738138
003 DE-604
005 20091111
007 t|
008 090923s2009 gw d||| m||| 00||| eng d
015 |a 09,N36,0415  |2 dnb 
016 7 |a 995975035  |2 DE-101 
020 |a 9783866244504  |c PB. : EUR 49.90  |9 978-3-86624-450-4 
024 3 |a 9783866244504 
035 |a (OCoLC)553592719 
035 |a (DE-599)DNB995975035 
040 |a DE-604  |b ger  |e rakddb 
041 0 |a eng 
044 |a gw  |c XA-DE-BE 
049 |a DE-355 
082 0 |a 658.478  |2 22/ger 
084 |a QP 345  |0 (DE-625)141866:  |2 rvk 
084 |a 330  |2 sdnb 
100 1 |a Salvati, Domenico  |d 1968-  |e Verfasser  |0 (DE-588)139117644  |4 aut 
245 1 0 |a Management of information system risks  |c by Domenico Salvati 
264 1 |a Berlin  |b Dissertation.de  |c 2009 
300 |a XVI, 229 S.  |b graph. Darst. 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
490 1 |a Dissertation.de  |v 1550 
502 |a Zugl.: Zürich, Techn. Hochsch., Diss, 2008 
650 4 |a Unternehmen - Managementinformationssystem - Computersicherheit - Risikomanagement 
650 0 7 |a Unternehmen  |0 (DE-588)4061963-1  |2 gnd  |9 rswk-swf 
650 0 7 |a Risikomanagement  |0 (DE-588)4121590-4  |2 gnd  |9 rswk-swf 
650 0 7 |a Computersicherheit  |0 (DE-588)4274324-2  |2 gnd  |9 rswk-swf 
650 0 7 |a Managementinformationssystem  |0 (DE-588)4074518-1  |2 gnd  |9 rswk-swf 
655 7 |0 (DE-588)4113937-9  |a Hochschulschrift  |2 gnd-content 
689 0 0 |a Unternehmen  |0 (DE-588)4061963-1  |D s 
689 0 1 |a Managementinformationssystem  |0 (DE-588)4074518-1  |D s 
689 0 2 |a Computersicherheit  |0 (DE-588)4274324-2  |D s 
689 0 3 |a Risikomanagement  |0 (DE-588)4121590-4  |D s 
689 0 |5 DE-604 
830 0 |a Dissertation.de  |v 1550  |w (DE-604)BV021464926  |9 1550 
856 4 2 |q text/html  |u http://deposit.dnb.de/cgi-bin/dokserv?id=3345054&prov=M&dok_var=1&dok_ext=htm  |3 Inhaltstext 
856 4 2 |q text/html  |u http://www.dissertation.de/buch.php3?buch=5953  |3 Ausführliche Beschreibung 
856 4 2 |m Digitalisierung UB Regensburg  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=018014599&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
943 1 |a oai:aleph.bib-bvb.de:BVB01-018014599 

Record in the search index

DE-BY-UBR_call_number 40/QP 345 S182
DE-BY-UBR_katkey 4529121
DE-BY-UBR_location 40
DE-BY-UBR_media_number 069037195499
_version_ 1822735424099975168
adam_text Table of Contents
Chapter 1 — Problem Statement
1.1 Risk Terminology Primer
1.2 General Security Context of Global Companies
1.3 Attackers and Attacks
1.4 Motivation
1.5 Everglades of IS Risk
1.6 Objectives and Benefit
1.7 Outline of Thesis
Chapter 2 — Risks in Information Systems
2.1 Nature of IS Risks
2.2 Risk Terminology
2.3 State-of-the-Art
Chapter 3 — Process and Function Modules
3.1 Overview of the Process Module
3.2 Assets and Events in a Business and Information System Context
3.3 Scenarios in the Process Module
3.4 Example of a Scenario — Jim Cracker
3.5 Probabilities in the Process Module
3.6 Overview of the Function Module
3.7 Probabilistic Concept of the Function Module
3.8 Example: Brute Force Attacks on an Encrypted Password File
3.9 Success Probability of Threats Overcoming Security Mechanisms
3.10 Results
Chapter 4 — Influence Module
4.1 Influence and Governance Problems
4.2 Standard Methods for Correlation Analysis
4.3 Displaying Security Information in Data Tables
4.4 Classifying Branches by Set Approximation
4.5 Dependency among Security Processes
4.6 Dispensability of Security Processes
4.7 Significance of Security Processes
4.8 Results
Chapter 5 — Decision Module
5.1 Decision Problem
5.2 Value at Risk and Analytical Hierarchy Process
5.3 Decision Situation in IS Risk Management
5.4 Using the Graphical Notation of the Process Module
5.5 Using the Five Axioms of Utility Theory in IS Risk Management
5.6 Determining the Maximum Price for a Risks Analysis
5.7 Application Example
5.8 Results
Chapter 6 — Overall Model
6.1 Decision Module
6.2 Influence Module
6.3 Function Module
6.4 Process Module
6.5 Overall Model
6.6 Ten Steps to Applying the Four Modules
Chapter 7 — Case Study on Phishing
7.1 State-of-the-Art of Phishing Attacks
7.2 Process Module: Scenarios in an Information System Context
7.3 Function Module: Frequencies and Probabilities
7.4 Influence Module: Influence of the Context on Security Mechanisms
7.5 Decision Module: Selection of Security Mechanisms
Chapter 8 — Conclusion and Outlook
8.1 Benefits of and Limitations to the Four Modules
8.2 Practical Implementation
8.3 Further Work
8.4 Concluding Remarks
Bibliography
Appendix A: Threat Modeling
Appendix B: Calculations in the Function Module
Appendix C: Introduction to Rough Sets Theory (RST)
Appendix D: Applying RST Rule Extraction to Security Information
Appendix E: Howard's Decision Model
Appendix F: Classic Phishing Scenario
Appendix G: Phishing with Malicious Software
Appendix H: Curve Fitting for Threats and Security Mechanisms
Appendix J: Probability Simulation
Appendix K: Lognormal Distribution
Appendix L: Success Probabilities of Phishing Attacks (Internal Notification)
Appendix M: Risk Preferences
Appendix N: The Allais Paradox
any_adam_object 1
author Salvati, Domenico 1968-
author_GND (DE-588)139117644
author_facet Salvati, Domenico 1968-
author_role aut
author_sort Salvati, Domenico 1968-
author_variant d s ds
building Verbundindex
bvnumber BV035738138
classification_rvk QP 345
ctrlnum (OCoLC)553592719
(DE-599)DNB995975035
dewey-full 658.478
dewey-hundreds 600 - Technology (Applied sciences)
dewey-ones 658 - General management
dewey-raw 658.478
dewey-search 658.478
dewey-sort 3658.478
dewey-tens 650 - Management and auxiliary services
discipline Wirtschaftswissenschaften
format Thesis
Book
genre (DE-588)4113937-9 Hochschulschrift gnd-content
genre_facet Hochschulschrift
id DE-604.BV035738138
illustrated Illustrated
indexdate 2024-12-23T22:27:53Z
institution BVB
isbn 9783866244504
language English
oai_aleph_id oai:aleph.bib-bvb.de:BVB01-018014599
oclc_num 553592719
open_access_boolean
owner DE-355
DE-BY-UBR
owner_facet DE-355
DE-BY-UBR
physical XVI, 229 S. graph. Darst.
publishDate 2009
publishDateSearch 2009
publishDateSort 2009
publisher Dissertation.de
record_format marc
series Dissertation.de
series2 Dissertation.de
spellingShingle Salvati, Domenico 1968-
Management of information system risks
Dissertation.de
Unternehmen - Managementinformationssystem - Computersicherheit - Risikomanagement
Unternehmen (DE-588)4061963-1 gnd
Risikomanagement (DE-588)4121590-4 gnd
Computersicherheit (DE-588)4274324-2 gnd
Managementinformationssystem (DE-588)4074518-1 gnd
subject_GND (DE-588)4061963-1
(DE-588)4121590-4
(DE-588)4274324-2
(DE-588)4074518-1
(DE-588)4113937-9
title Management of information system risks
title_auth Management of information system risks
title_exact_search Management of information system risks
title_full Management of information system risks by Domenico Salvati
title_fullStr Management of information system risks by Domenico Salvati
title_full_unstemmed Management of information system risks by Domenico Salvati
title_short Management of information system risks
title_sort management of information system risks
topic Unternehmen - Managementinformationssystem - Computersicherheit - Risikomanagement
Unternehmen (DE-588)4061963-1 gnd
Risikomanagement (DE-588)4121590-4 gnd
Computersicherheit (DE-588)4274324-2 gnd
Managementinformationssystem (DE-588)4074518-1 gnd
topic_facet Unternehmen - Managementinformationssystem - Computersicherheit - Risikomanagement
Unternehmen
Risikomanagement
Computersicherheit
Managementinformationssystem
Hochschulschrift
url http://deposit.dnb.de/cgi-bin/dokserv?id=3345054&prov=M&dok_var=1&dok_ext=htm
http://www.dissertation.de/buch.php3?buch=5953
http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=018014599&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
volume_link (DE-604)BV021464926
work_keys_str_mv AT salvatidomenico managementofinformationsystemrisks