Developing Cost And Risk Assessment Tool For Hybrid Approach In Information Security Risk Analysis

• Main Author: Mohd Zabawi, Ahmed Yaser
• Format: Thesis
• Language: English; English
• Published: 2019
• Subjects: QA Mathematics; QA76 Computer software
• Online Access: http://eprints.utem.edu.my/id/eprint/24697/; https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=116960

Identifying potential information security risk is a challenging task which is due to modernization and new technologies which introduce possible threats to various type of digital system. Many studies proved that the current risk analysis tools are not able to analyze the threats well. It is a must for an organization to choose the suitable methods for better analysis. There are four key elements that need to be considered which are security threats, business impact, security measures and their cost. There are many existing risk analysis tools that were developed such as ISRAM and CORAS that have same purpose, which is to reduce the risk of causing a threat, however these tools used different approach to analyses the risk. The main focus of this study is to develop a new risk analysis tool based on hybrid approach and compare it with the existing tool. The proposed risk analysis tool is known as Cost and Risk Assessment tool (CARA) aims to trace the threats by combining both qualitative and quantitative methods, where both of these methods have their respective advantages for analyzing the information. CARA used Monte Carlo method where it applied probability theory in cost estimation. The results from the study show that the qualitative information could increase the dimension of risk factors and produce better accuracy in the analysis.