EconPapers    
Assessing and managing risks to information assurance: A methodological approach

Gregory A. Lamm and Yacov Y. Haimes

Systems Engineering, 2002, vol. 5, issue 4, 286-314

Abstract: Recent events such as the September 11th attack, the Yahoo! denial-of-service attack, the I Love You virus, and the Code Red worm have sparked a dramatic interest in assuring the future security of information infrastructures. Information systems are increasingly interconnected, interdependent, and complex. Information assurance (IA) attempts to answer critical questions of trust and credibility associated with our digital environment. It presents myriad considerations and decisions that transcend many dimensions: technological advancement, legal, political, economic, social, cultural, institutional, organizational, and educational. Despite the millions of dollars spent on firewalls, encryption technologies, and intrusion detection software, information infrastructure vulnerabilities and disruptive incidents continue. These trends have a significant impact on military operations now and for the next decades. This paper identifies and develops a methodological framework for assessing and managing IA risks. The methodology is based on the systems engineering design process as well as on the guiding principles of risk assessment and management. It builds on hierarchical holographic modeling (HHM) and risk filtering, ranking, and management (RFRM). HHM identifies a plethora of risk scenarios and sources of risk that are innate in current complex information systems. The flexibility of the HHM philosophy permits limitless representations of systems perspectives, constrained only by the knowledge, creativity, and imagination of the analyst and the appropriateness of the modeling efforts. RFRM is an eight-phase process that filters the hundreds of risk scenarios down to a manageable few (10-20), and ranks them. The risk management phase then identifies the acceptable policy options and analyzes the tradeoffs among them by using quantifiable risk management tools. This process analyzes the wealth of statistical data on losses due to system failures, to intrusions, or to vulnerabilities of information assurance.

© 2002 Wiley Periodicals, Inc. Syst Eng 5: 286-314, 2002

Date: 2002

DOI: https://doi.org/10.1002/sys.10030


Persistent link: https://EconPapers.repec.org/RePEc:wly:syseng:v:5:y:2002:i:4:p:286-314

Published in Systems Engineering, John Wiley & Sons

Page updated 2025-03-20
Handle: RePEc:wly:syseng:v:5:y:2002:i:4:p:286-314