Prioritization of Information Assurance (IA) technology in a resource constrained environment
Brodhun, Carl Phillip.
Irvine, Cynthia E.
Buettner, Raymond R.
Haga, William J.
MetadataShow full item record
Classical risk analysis is a static process that does not account for rapid evolutionary or generational changes in technology and technological solutions. This thesis defines a process that expands classical risk analysis to increase visualization of the security environment of an information system. It provides a comparative analysis of system attributes and encourages focused communications between decision-makers and information systems technicians. Personal interviews with domain experts from four organizations were used to construct a baseline model. Face validity of the model was determined during sessions with the domain experts. The model was calibrated to two specific scenarios using a pair of surveys to set link values and establish data for the initial nodes. A verification phase compared rough results from the model with expert opinion. The model evaluated, prioritized and graphically illustrated shortfalls within two information systems based on the relative importance of specific criteria established by the domain experts. It facilitated the extraction of implicit or tacit knowledge from the domain experts that would not emerge during a classical risk analysis.
Showing items related by title, author, creator and subject.
Rowe, Neil C. (Monterey, California. Naval Postgraduate School, 1989-02);Indirect logical inferences can provide a significant security threat to information processing systems, but they have not been much studied. Classification of data can reduce the threat, but classification decisions ...
Current, Michael; Gilbert, David; Golden, Bruce; Lennartz, John; Real Consultants - Real Results, Ltd. (Monterey, California. Naval Postgraduate School, 2007-09);EXECUTIVE SUMMARY: Commonly shared situational awareness is essential to the success of almost any team endeavor. Many information networks and processes in the military environment are specifically designed to collect, ...
Hibshi, Hanan; Breaux, Travis (Monterey, California. Naval Postgraduate School, 2019-03-07); CMU-IT-18-227Department of Defense (DoD) information assurance (IA) certification and accreditation relies on a multi-tier risk framework where security assessment aligns with NIST information assurance control set. The human analyst ...