Publication type: Conference paper
Type of review: Peer review (publication)
Title: Guttman scaling in the FMEA of IT security objectives in enterprises
Authors: Mock, Ralf Günter
Kollmann, Eva
Straumann, Hugo
Ballhaus, Corin
Proceedings: Reliability, risk, and safety : theory and applications
Page(s): 1983
Pages to: 1990
Conference details: European Safety and Reliability Conference (ESREL 2009), Prague, Czech Republic, 7-10 September 2009
Issue Date: 2009
Publisher / Ed. Institution: Taylor & Francis
Publisher / Ed. Institution: London
ISBN: 978-0-415-55509-8
Language: English
Subjects: Audit; Tool; IT security; Risk assessment
Subject (DDC): 005: Computer programming, programs and data
658.5: Production management
Abstract: On the strength of experience with risk analysis methodology in IT-operating enterprises, an approach has to be able to deal with limited resources. This prompts an analyst to perform a heuristic and biased approach, which is typically a questionnaire structured by an IT security standard. The difficulty is to draw up a limited set of concise IT security related questions, which result in meaningful outcomes for IT risk analysis purposes. In the proposed approach, the Code of Practice ISO/IEC 27002 is used to structure the analysis and to restrict the number of questions. The Code’s recommendations are rephrased and a Guttman scale is introduced for an IT security FMEA-like risk analysis approach. For frequency assessments it is assumed that an implemented high-level security measurement results in low frequencies of undesired events. The paper pictures the adapted IT-FMEA approach and presents the results of a feasibility study at Switzerland's leading telecom provider.
URI: https://digitalcollection.zhaw.ch/handle/11475/13316
Fulltext version: Published version
License (according to publishing contract): Licence according to publishing contract
Department: School of Engineering
Organisational Unit: Institute of Computer Science (InIT)
Appears in collections: Publikationen School of Engineering

Mock, R. G., Kollmann, E., Straumann, H., & Ballhaus, C. (2009). Guttman scaling in the FMEA of IT security objectives in enterprises [Conference paper]. Reliability, Risk, and Safety : Theory and Applications, 1983–1990.

