Article

Computer security methodology: Risk analysis and project definition


Abstract

A structured, progressive approach to the process of risk analysis, problem identification and project definition will contribute to the successful implementation of computer security in an organization. Potential losses of information technology assets need to be identified and quantified. It is critical for the senior management of an organization to be involved in the decision making process regarding the selection of computer security countermeasures. The objectives of this paper are to address the issue of risk analysis in view of an overall information security plan.

... First, there is little research that explicitly takes a risk management perspective on AI. While most AI research does not explicitly draw on risk management theory [13,14], the risk management literature does not focus on AI, examining instead risks associated with information system (IS) projects [8,9] or with traditional software and hardware [22]. However, AI systems differ from these two in that AI systems are software (unlike IS projects) with agentic qualities (unlike traditional hardware and software) [21]. ...
Chapter
Full-text available
Notwithstanding its potential benefits, organizational AI use can lead to unintended consequences like opaque decision-making processes or biased decisions. Hence, a key challenge for organizations these days is to implement procedures that can be used to assess and mitigate the risks of organizational AI use. Although public awareness of AI-related risks is growing, the extant literature provides limited guidance to organizations on how to assess and manage AI risks. Against this background, we conducted an Action Design Research project in collaboration with a government agency with a pioneering AI practice to iteratively build, implement, and evaluate the Artificial Intelligence Risk Assessment (AIRA) tool. Besides the theory-ingrained and empirically evaluated AIRA tool, our key contribution is a set of five design principles for instantiating further instances of this class of artifacts. In comparison to existing AI risk assessment tools, our work emphasizes communication between stakeholders of diverse expertise, estimating the expected real-world positive and negative consequences of AI use, and incorporating performance metrics beyond predictive accuracy, including thus assessments of privacy, fairness, and interpretability.
... The security of information assets in organisations has been a research subject for many years (Badenhorst and Eloff, 1990; Loch et al., 1992; Blakley et al., 2001; Siponen and Oinas-Kukkonen, 2007), largely focusing on technology and technological risks. While there has been early research on the economic impact of information security risks (Ekenberg et al., 1995), academic research was rather limited until the turn of the millennium when papers by Anderson (2001) as well as raised interest in this topic. ...
Article
Full-text available
Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same cannot be said about the economic value of information security investments in organisations. While there is an emerging research base investigating suitable approaches measuring the value of investments in information security, it remains difficult for practitioners to identify key approaches in current research. To address this issue, we conducted a systematic literature review on approaches used to evaluate investments in information security. Following a defined review protocol, we searched several databases for relevant primary studies and extracted key details from the identified studies to answer our research questions. The contributions of this work include: a comparison framework and a catalogue of existing approaches and trends that would help researchers and practitioners navigate existing work; categorisation and mapping of approaches according to their key elements and components; and a summary of key challenges and benefits of existing work, which should help focus future research efforts.
... Courtney proposed a quantitative evaluation of risk based on two elements: the probability of the risk occurrence and the cost associated with that risk. Other researchers suggested methods that refined the estimation of risk elements developed by Courtney (FitzGerald, 1978) (Badenhorst & Eloff, 1990). Different variants with varying scope were also developed by Saltmarsh & Browne (1983) and Wong (1977). ...
Article
Full-text available
The pace of evolution of scientific research has been increasing at unprecedented rates. This may be attributed to the requirements placed on researchers to provide practical answers to complex and messy real-world problematic situations. Researchers are required to undertake interdisciplinary research projects which necessitate navigating an increasingly growing body of knowledge in each discipline. Setting research agendas and scoping the initial stages of the literature review have become difficult tasks. In this paper, we propose a systematic approach to conducting literature reviews and developing research agendas. We present a conceptual framework, based on Soft Systems Methodology, to enable researchers to structure the initial stages of their work by providing appropriate means to scope their literature reviews. This framework acknowledges the complexity of modern scientific research into real-world problems. We demonstrate the usefulness of our approach through a literature survey we conducted to set a research agenda for the field of information assurance.
... Risk analysis is generally not considered as an important task in the implementation of computer security at major organizations. Badenhorst and Eloff [5] address the issue of risk analysis in the view of an overall information security plan. The method is the first to indicate the position of a risk analysis study within the security plan. ...
Article
Product data management (PDM) and distributed product data management (DPDM) systems have made product data a valuable and available commodity for many different kinds of computing applications in production. However, there are worries that this product data will lead to new security risks, and to the invasion of the DPDM system. It is because all people in a manufacturing enterprise will somehow get in touch with the DPDM system. Dealing with these tremendous amounts of interaction between the system and the various users, the utmost importance is to ensure that all data are secured and all users are controlled and managed. Therefore, the security of DPDM systems has been of great concern to individuals and corporations. The paper discusses the security requirements faced by a DPDM system in different organizational contexts. It is argued that access control requires a workspace-stratified user management security model to specify it. The prominent supporting features of the system, including user organization, workspace and security, are outlined. A new mixed-approach access model for the system is proposed. In this model, user management and two main classical access control methods, Lampson's access matrix and Bell and LaPadula (BLP) security labels, are analyzed and adapted to the application with multiple system users and product data in order to support a workspace-oriented DPDM system.
... In this stream, risk analysis is employed to produce knowledge about the security of a system under development (Baskerville 1991). Many published methodologies adopt or adapt the approach (Badenhorst and Eloff 1990; Courtney 1977; Fisher 1984; Fitzgerald 1978; Parker 1981), large organizations practice variations (Saltmarsh and Browne 1983), and it is part of a U.S. Federal Information Processing Standard (NBS 1979). These contributions are all based on a conventional approach to risk analysis. ...
Article
This article presents a new approach to the management of evolutionary prototyping projects. The prototyping approach to systems development emphasizes learning and facilitates meaningful communication between systems developers and users. These benefits are important for rapid creation of flexible, usable information resources that are well-tuned to present and future business needs. The main unsolved problem in prototyping is the difficulty in controlling such projects. This problem severely limits the range of practical projects in which prototyping can be used. The new approach suggested in this article uses an explicit risk mitigation model and management process that energizes and enhances the value of prototyping in technology delivery. An action research effort validates this risk analysis approach as one that focuses management attention on consequences and priorities inherent in a prototyping situation. This approach enables appropriate risk resolution strategies to be placed in effect before the prototyping process breaks down. It facilitates consensus building through collaborative decision making and is consistent with a high degree of user involvement.
... Many published methodologies adopt or adapt their approach (cf. Royal Fisher [1984], Donn Parker [1981] or Badenhorst and Eloff [1990]), and large organisations practice variations (see Saltmarsh and Browne [1983] for an excellent review). The U.S. government accepts risk analysis as one of its Federal Information Processing Standards [NBS, 1979]. ...
Article
Risk analysis is the predominant technique used by information security professionals to establish the feasibility of information systems controls. Yet it fails an essential test of scientific method—it lacks statistical rigour and is subject to social misuse. Adoption of alternatives from other disciplines, however, proves even more implausible. Indeed, even improved rigour in risk analysis may limit its usefulness. Perhaps risk analysis is misconceived: its ostensible value as a predictive technique is less relevant than its value as an effective communications link between the security and management professionals who must make decisions concerning capital investments in information systems security.
... Consequently this technique has been widely used and forms the basis of a number of proprietary variants (e.g. Badenhorst & Eloff, 1990). ...
Article
Full-text available
This paper argues that technological solutions are an impediment in the understanding of information systems security concerns.
Conference Paper
The increasing interest of both business and government sectors in information security issues has led to the collection of several security incidents in inventories. Most of these inventories pertain to specific environments; among them there exist inventories pertaining to health information systems. Information included in these inventories could be exploited by information systems developers, if a proper means for their effective processing is provided. Such a means is a recently proposed taxonomy scheme which classifies information system security flaws according to how, where and when they have been introduced. In this paper, this taxonomy scheme has been used to classify health information system security flaws. Conclusions based on the results of this classification are drawn.
Article
More and more attention has been devoted to the alignment of information technology (IT) spending and initiatives with organizational strategic objectives. IT spending across organizations and industries has a high opportunity cost and involves a substantial opportunity for deviations from support for the highest priorities of business units. The business justification and rationale for information security has come under similar scrutiny at a time when the nature of many organizations is being transformed by the network economy. More and more business functions and processes are enabled by information assets and capabilities that are vulnerable to new and adapting threats. This paper examines the impact of the strategic alignment of information security spending with organizational goals and with the risk tolerances of decision makers. It provides an explanation for and insight into the observed differences in executive responses to cyber threats and risk assessments. It models the relationship between security resources and risk mitigation, and it identifies the premiums that organizations expect to receive or pay for bearing or avoiding information security risk.
Article
The past decade has shown the importance of information security, with special emphasis on network security, disaster recovery and risk management. A number of automated approaches for the facilitation of a risk analysis study have appeared on the software market. Organizations today face the difficult task not only of executing a risk analysis study, but also of selecting a method that will best suit their requirements. A number of methods are available today, utilizing different terminology for similar concepts. Risk analysis, the most commonly used term in this field, is mostly used to identify objects for protection. “Risk management” might also be included as part of risk analysis, depending on the functionality of the method used. Automated risk analysis methods need to be viewed not only from the internal operation of the method but also from a terminological point of view. The objective of this paper is to suggest a framework for risk management terminology. The application of the framework will be demonstrated through a high level discussion of the CRAMM, LAVA and MELISA risk analysis methods.
Article
Most severe criticism of computer security risk analysis is founded on a single, positivist, philosophical viewpoint. From this viewpoint, the method lacks objective elementary data points, and its simple statistical decision model fails at least one major test of scientific methods. However, such a method might be scientifically valid as a source for professional knowledge when applied within more appropriate social philosophical frameworks. For example, risk analysis has been, from its earliest descriptions, suitable as an interpretive artifact. The practical implications of these concepts include the importance of experience for practitioners, the ease of misuse, and the danger to the method's validity of naive extensions or adjustments to the original simple method. The practitioner should also recognize the ethical issues raised by the method's communication channel.
Article
The TOPM (Target Optimum Portfolio Management) approach to IT (information technology) risk management, as proposed in this paper, is a formal approach based on the concept of a dynamic life cycle, with one of its major objectives the targeting and optimization of the risk management process itself. Across the range of different types of businesses, business cultures, organizational structures, information technology environments and application systems within those environments, the requirements of risk management methods for business information systems differ to a great extent. A distinctive feature of the TOPM approach is its dynamic nature, which allows a customized model to be defined for every situation considered. Addressing the need for new formal models in a holistic way, covering the full IT risk management life cycle, as well as all IT domains within the business environment, a deterministic and intuitive approach is applied in the definition of the model. Rather than approaching the analysis, assessment and management of IT risk in the conventional manner through rigidly considering domains such as hardware, software, environment and personnel, the TOPM model follows a composite approach. Matrix theory is applied for the alignment of domains. The concept of transaction routes further facilitates the integration and alignment process. In signifying its relevance to functional organizational structures, the TOPM model is further placed in the context of the multi-disciplinary five-phased IS (information security) methodology, as formerly proposed by the authors. Various enabling technologies are introduced, some of which are often applied in mathematical modelling, others of which are applied in business functions not usually directly associated with information technology, such as financial risk management portfolio theory.
Article
Full-text available
The security of information systems is a serious issue because computer abuse is increasing. It is important, therefore, that systems analysts and designers develop expertise in methods for specifying information systems security. The characteristics found in three generations of general information system design methods provide a framework for comparing and understanding current security design methods. These methods include approaches that use checklists of controls, divide functional requirements into engineering partitions, and create abstract models of both the problem and the solution. Comparisons and contrasts reveal that advances in security methods lag behind advances in general systems development methods. This analysis also reveals that more general methods fail to consider security specifications rigorously.
Article
Consider a rooted tree network, where the items enter at the system and they proceed away from the root until they reach their destination and exit the system, and they are served by a FIFO policy at each arc (server) of the network. The routing is defined by a discrete probability distribution with a given probability for each destination. For such systems, stochastic modelling of the departure times and the delay times is proposed, by the incorporation of random parameters of the inter-arrival times and of the service times, describing dynamic environments. A mixture model for the departure times is introduced. This mixture has an arbitrary mixing distribution defined by the environmental parameter distributions and the routing distribution. The main results provide conditions to compare stochastically the departure times (delay times) for two rooted tree networks characterized by different routing disciplines or by environmental and correlated random vectors of parameters. Furthermore, bounds for these measures are obtained from some well-known dependence concepts, as the PQD property, and ageing properties of the random environment. Similar results for butterfly networks, tree networks with possible failure during the service and other networks are provided. Within the computer networks, our framework and our results provide explorative tools to assess the design, the performance and the security of communication systems.
Article
Full-text available
The management of adverse events within organisations has become a pressing issue as the perceptions of risk continue to heighten. However, the basic need for developing secure information systems has remained unfulfilled. This is because the focus has been on the means of delivery of information, i.e. the technology, rather than on the various contextual factors related to information processing. The overall aim of this research is to increase understanding of the issues and concerns in the management of information systems security. The study is conducted by reviewing the analysis, design and management of computer-based information in two large organisations: a British National Health Service Hospital Trust and a Borough Council. The research methodology adopts an interpretive mode of inquiry. The management of information systems security is evaluated in terms of the business environment, organisational culture, expectations and obligations of different roles, meanings of different actions and the related patterns of behaviour. Findings from the two case studies show that an inappropriate analysis, design and management of computer-based information systems affects the integrity and wholeness of an organisation. As a result, the probability of occurrence of adverse events increases. In such an environment there is a strong likelihood that security measures may either be ignored or are inappropriate to the real needs of an organisation. Therefore what is needed is coherence between the computer-based information systems and the business environment in which they are embedded. In conclusion, this study shows that to resolve the problem of managing information systems security, we need to understand the deep-seated pragmatic aspects of an organisation. Solutions to the problem of security can be provided by interpreting the behavioural patterns of the people involved.
Article
The purpose of this paper is to map the current territory of information systems and security research. It uses the Burrell and Morgan framework as an intellectual map to analyse the socio-philosophical concerns in various information systems and security approaches. The paper's contributions are in its analysis of trends in information systems and security research, the former in stressing the socio-organizational perspectives and the latter in criticizing the preponderance of technical solutions. The paper also sets an agenda for a future research emphasis.
Conference Paper
Computer security is emerging as the business risk of the 1990s for many organizations operating in the commercial sector. Unlike military, government, defense and financial organizations, the mid- to low-risk commercial sector does not have well-developed security procedures. However, owing to the very different security needs of the commercial sector, it is inappropriate to apply the procedures used by high-risk organizations. The characteristic system security concerns of the commercial sector are identified, some solutions are suggested, and a structured and systematic approach to security assessment in the form of a qualitative approach to security risk analysis is investigated.
Article
The life cycle of computer security is a paradigm to the software development life cycle, a tool that provides structure and foundation for the planning, development and implementation of application software. Current “off-the-shelf” methodologies are mostly for conventional software system development. The objective of this paper is to design a methodology for the introduction, development and maintenance of computer security within major organizations. Both the following issues will be addressed: technological computer security such as physical and logical aspects, and applications computer security referring to the development of software.
Article
Data assets are as important to an organization as financial, plant or other assets, but no simple method exists to quantify their importance. This determination must be based on an understanding of the assets' potential for compromise, intrinsic and relative values, and the cost of reducing vulnerability. To reduce the problem to manageable proportions, types of data must be reduced to a moderate number of sets within which there is similarity in all these factors. If then the value of each class is assessed, a total can be established. This paper discusses the relationships between this total, which is the maximum “Potential Asset Loss,” and the costs involved in establishing a security program.
Article
The problem of selecting internal controls, or that subset of those controls we call security measures, in a data processing environment yields rather readily to an orderly, systematic approach. Such an approach requires recognition that a control should not be implemented if it costs more than tolerating the problem. Further, no control should be implemented which is more costly or less effective or displaces less potential loss than does some other control. The basic concept and outline of the systematic approach are described, and references to supplemental papers for guidance in specific areas are provided through the bibliography.
Article
Computer systems now dominate the processing of financial information. In many cases these systems are very sophisticated and provide people with direct access to an organisation's financial information. This paper proposes a new approach to evaluating the risks of fraud and error in such computer systems. This approach is efficient to use, precise in its conclusions and has already been widely tested in practice.
Article
Even if an organization has the best technical computer security talent and the most dedicated staff, it may still have an ineffective systems security function. This situation is frequently encountered and is caused by too much emphasis on the technical aspects and too little attention to the managerial aspects of systems security. Many of us in the systems security field immerse ourselves in fascinating technical details at the expense of the managerial issues essential to the success of a systems security effort. This article discusses the managerial perspectives with which an appropriate balance between the managerial and the technical may be struck. Although each organization has its idiosyncrasies, experience has shown that a number of common approaches to managing an information systems security function are both effective and prudent. While there exists no standard template with which one can design a systems security function, this article illuminates some tried-and-true methods associated with organizational design, raising the level of management awareness, and obtaining needed resources. This article is based partly on a panel discussion for which the author was the moderator, an informal poll of San Francisco Bay Area systems security administrators and EDP auditors, and the author's information systems security consulting experience.
Article
A key success factor in implementing computer security is the much discussed and important issue of management commitment. Management commitment is demonstrated through the effective fostering of a computer security policy within the organization. Many textbooks provide guidelines on what to include or exclude in compiling a computer security policy. However, little is said about issues such as accountability, responsibility and the actual scope of computer security. This paper will address various issues of critical importance in compiling a computer security policy.
Article
Finding a proper balance between productivity and control is critical for maintaining an effective end-user computing environment. This paper surveys problems associated with productivity in end-user computing environments including their causes and organizational impacts. Controls are recommended to overcome the problems and thereby enhance productivity.
References

  • Eloff. Computer security management: important feedback
  • Becker. Computer and network security policy: a challenge to organizations' computer security
  • Courtney. Problem definition: an essential prerequisite to the implementation of security measures' computer security
  • Waring. A structured approach to computer security