Ανάλυση και διαχείριση επικινδυνότητας στα πληροφοριακά συστήματα - υλοποίηση μεθοδολογίας σε επιχειρησιακό περιβάλλον
Γεωργίου, Σοφία Ι.
As most organizations are now based much of their operation in information systems, the need for proper security increases. Unfortunately, it is difficult to select the security measures needed to achieve adequate security. Large amounts of resources spent to avoid failures. However, it is ultimately impossible to guarantee that the IS is perfect, it is also impossible to predict and eliminate anything from the outside world that might threaten the IS. But what can be achieved is to reduce the likelihood of risk, which will also lead to reduction of uncertainty. Prerequisite for achieving this reduction is the application of appropriate risk management to achieve adequate recognition and effective treatment of various threats to the system. If risk is seen as the context that refers to political, technical and management factors that threaten a IS or success of software projects, its management is the process of identification and analysis of these threats, quantifying their impact and implementation of projects to be reduce or eliminate the negative consequences. This thesis deals with risk analysis, procedures and methodologies that identify security problems, the rank based on their importance and then propose solutions to resolve them. It shows the different ways of risk analysis; the main methods used today, the software packages on the market. In the end, carried out a risk analysis application to a multinational R&D Telecommunications company's software NRisk. Through this effort, it seems the value of risk management for software control, while deriving some important factors that directly affect the rate of risk remaining after the completion phase, and an overall risk management process.