Quantification of the risks of information systems security breaches

Subject
Information systems -- Security measures ; Information -- Technology ; Information networks -- Security measures

Abstract
This thesis deals with the analysis of risks emanating from security breaches of Information Systems. It proposes a new quantitative methodology that returns an objective measurement of the security level of an IS and can be applied by all management members of an organization. A new theoretical framework for handling security breaches is proposed, based on their correlation to the total amount of enterprise risk. The level of impact caused by security breaches was studied through the combined analysis of studies from professional organizations and the academic community, together with the empirical study carried out for this thesis. The impact was assessed at the level of the incident as well as of the affected data records, with respect to both direct and indirect costs. The modeling of security breach probability was based on two research areas: the quantification of the security level, accomplished objectively using stochastic methods, and the proper application of the methodological framework that derives from the Gordon-Loeb model. The combination of these research results led to the synthesis of a model from which the level of security breach risk of an organization can be assessed in monetary terms. Finally, the application of the VaR methodology to security breach risks was investigated on the basis of the proposed model.