Current established risk assessment methodologies and tools

Dan Ionita, Pieter H. Hartel, Wolter Pieters, Roelf J. Wieringa

    Research output: Book/Report › Report › Professional


    Abstract

    The technology behind information systems evolves at an exponential rate, while at the same time becoming more and more ubiquitous. This brings with it an implicit rise in the average complexity of systems as well as in the number of external interactions. To allow a proper assessment of the security of such (sub)systems, a whole arsenal of methodologies, methods and tools has been developed in recent years. However, most security auditors commonly use only a very small subset of this collection, the one that best suits their needs. This thesis aims at uncovering the differences and limitations of the most common Risk Assessment frameworks, the conceptual models that support them, as well as the tools that implement them. This is done in order to gain a better understanding of the applicability of each method and/or tool and to suggest guidelines for picking the most suitable one.
    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Centre for Telematics and Information Technology (CTIT)
    Number of pages: 131
    Publication status: Published - 1 Sept 2013

    Publication series

    Name: CTIT Technical Report Series
    Publisher: University of Twente, Centre for Telematics and Information Technology (CTIT)
    No.: TR-CTIT-14-04
    ISSN (Print): 1381-3625

    Keywords

    • EWI-24541
    • EC Grant Agreement nr.: FP7/2007-2013
    • METIS-302885
    • EC Grant Agreement nr.: FP7/318003
    • Tools
    • RISK ASSESSMENT
    • SCS-Services
    • IR-89558
    • IS-SECURITY
    • SCS-Cybersecurity
    • Information Security
    • Information Systems
    • Frameworks
    • Risk Management
    • Methodologies
