Prioritization of Information Assurance (IA) technology in a resource constrained environment

Authors
Brodhun, Carl Phillip.
Advisors
Irvine, Cynthia E.
Buettner, Raymond R.
Haga, William J.
Date of Issue
2001-12
Publisher
Monterey, California. Naval Postgraduate School
Abstract
Classical risk analysis is a static process that does not account for rapid evolutionary or generational changes in technology and technological solutions. This thesis defines a process that expands classical risk analysis to increase visualization of the security environment of an information system. It provides a comparative analysis of system attributes and encourages focused communications between decision-makers and information systems technicians. Personal interviews with domain experts from four organizations were used to construct a baseline model. Face validity of the model was determined during sessions with the domain experts. The model was calibrated to two specific scenarios using a pair of surveys to set link values and establish data for the initial nodes. A verification phase compared rough results from the model with expert opinion. The model evaluated, prioritized and graphically illustrated shortfalls within two information systems based on the relative importance of specific criteria established by the domain experts. It facilitated the extraction of implicit or tacit knowledge from the domain experts that would not emerge during a classical risk analysis.
Type
Thesis
Department
Information Technology Management
Organization
Naval Postgraduate School (U.S.)
Format
xiv, 105 p. : ill. ;
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.