Design and implementation of information systems security management methodologies (original title: Σχεδίαση και υλοποίηση μεθοδολογιών διαχείρισης ασφάλειας πληροφοριακών συστημάτων)
Design and development of information systems risk assessment methodologies
Keywords: Simulation; CRAMM; MAGERIT; MEHARI; Computer security
Abstract
The security of information systems has always been a critical problem in computer science. Today the risk is undoubtedly better understood, since systems are exposed to a wide range of users and hence to a wide range of risks. Information, whatever its form, needs to be properly protected if it is important. This is the ultimate goal of information security: to protect information from a wide range of threats, giving assurance to the business, minimizing business damage and maximizing the return on investment and business opportunities. The security of an organization's systems and data is defined along three axes: availability, confidentiality and integrity.
In recent years it has been observed that the value of a company's assets comes mainly from intangibles. Inevitably, dependence on information systems and services means that organizations are more vulnerable to security threats. Data, information, supporting processes, systems and networks are important business assets, so protecting them allows a company to avoid immeasurable problems that may otherwise arise. The rapid growth of companies has made them a more "attractive" target, so their information systems and networks have to deal with threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire and flood. Sources of damage such as computer viruses and hacking have become increasingly common, more ambitious and impressively skilled. This makes clear the importance of information security for an enterprise.
This dissertation presents some of the best-known and internationally accepted risk analysis methods and makes a detailed comparison of the results obtained with CRAMM, MAGERIT and MEHARI for a selected simulation scenario of a financial institution that constitutes a critical infrastructure, in order to identify the appropriate methodology for carrying out a risk analysis on it, as required by the international standards on information security.