The technology behind information systems evolves at an exponential rate, while at the same time becoming more and more ubiquitous. This brings with it an implicit rise in the average complexity of systems as well as the number of external interactions. In order to allow a proper assessment of the security of such (sub)systems, a whole arsenal of methodologies, methods and tools have been developed in recent years. However, most security auditors commonly use a very small subset of this collection, that best suits their needs. This thesis aims at uncovering the differences and limitations of the most common Risk Assessment frameworks, the conceptual models that support them, as well as the tools that implement them. This is done in order to gain a better understanding of the applicability of each method and/or tool and suggest guidelines to picking the most suitable one.
|Place of Publication||Enschede|
|Publisher||Centre for Telematics and Information Technology (CTIT)|
|Number of pages||131|
|Publication status||Published - 1 Sep 2013|
|Name||CTIT Technical Report Series|
|Publisher||University of Twente, Centre for Telematics and Information Technology (CTIT)|
- EC Grant Agreement nr.: FP7/2007-2013
- EC Grant Agreement nr.: FP7/318003
- RISK ASSESSMENT
- Information Security
- Information Systems
- Risk Management
Ionita, D., Hartel, P. H., Pieters, W., & Wieringa, R. J. (2013). Current established risk assessment methodologies and tools. (CTIT Technical Report Series; No. TR-CTIT-14-04). Enschede: Centre for Telematics and Information Technology (CTIT).