Show simple item record

dc.contributor.supervisorFurnell, Steven
dc.contributor.authorDimopoulos, Vassileios Andreas
dc.contributor.otherFaculty of Science and Technologyen_US
dc.date.accessioned2011-05-12T13:01:37Z
dc.date.available2011-05-12T13:01:37Z
dc.date.issued2007
dc.identifierNot availableen_US
dc.identifier.urihttp://hdl.handle.net/10026.1/426
dc.description.abstract

Today's businesses base their operation on their IT infrastructure, which consequently demands that it should be protected accordingly. Nevertheless, surveys tend to indicate that the number of IT security incidents is increasing, resulting in significant losses for the organisations concerned. Leading in poor security practices, and therefore frequent victims of related security incidents, are Small and Medium Enterprises (SMEs). Even though there are a number of solutions, ranging from baseline guidelines to a detailed Risk Assessment (which can be followed to guide organisations through systematically selecting appropriate controls and practices to properly secure their networked assets), evidence suggests that these are not being employed by SMEs. Constraints such as lack of budget, security personnel and awareness are amongst the factors that are deterring SMEs from adopting such solutions, and therefore contributing to their continued problem with security incidents. This thesis specifically targets the problem of security risk assessment within SME environments. Following an examination of the aforementioned constraints, the investigation considers the existing solutions, establishing the reasons that they are not appropriate for SME users. The research identifies that SMEs are in need of a solution that represents a progression of current guidelines, but without being as complicated as existing forms of Risk Analysis. Therefore a new methodology is designed, known as PRAM (Profile-based Risk Analysis and Management), which enables SMEs to analyse and manage their risks in a way that is simple to use and understand, as well as providing economic considerations on threats, their likelihood, effect and the spending required to reduce them to an acceptable level. The methodology is then implemented within a working prototype, which is evaluated using a series of test scenarios. These scenarios are also used as the basis for evaluating existing SME-oriented Risk Analysis solutions, and the findings determine that the PRAM approach is able to deliver a more comprehensive solution. In addition, an evaluation of the PRAM prototype by a series of end-users suggests that it also succeeds in providing a more user-friendly solution than the current alternatives. Overall, this thesis presents a solution that can be adopted by SMEs lacking in-house security expertise. It can assist them in understanding the threats they are under, while at the same time presenting appropriate information to enable management to evaluate their organisation's current IT security situation and select appropriate countermeasures.

en_US
dc.description.sponsorshipA. G. Leventis foundationen_US
dc.language.isoenen_US
dc.publisherUniversity of Plymouthen_US
dc.titleEffective information assurance with risk managementen_US
dc.typeDoctorateen_US


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record


All items in PEARL are protected by copyright law.
Author manuscripts deposited to comply with open access mandates are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author.
Theme by 
@mire NV