A qualitative analysis of risk assessment and the criteria for software evaluation and selection

Posted on: 1996-02-07
Degree: Ph.D
Type: Dissertation
University: Walden University
Candidate: Atabansi, Lloyd Amechi
Full Text: PDF
GTID: 1469390014986163
Subject: Business Administration
Abstract/Summary:
The need for proper security and protection of computer systems and their peripherals from internal and external threats had created a social dilemma for many organizations that were concerned with minimizing the risk exposure of their computer systems and facilities. This document presents meaningful considerations for evaluating and selecting risk assessment software for managing risks in computer and telecommunications systems. Because of the variety of risk management products available in the risk community, there was no consistent procedure for ascertaining which of the risk management products were most appropriate for any given organization's condition. A new method was proposed by William M. Garrabrantss, Alfred W. Ellis III, Lance J. Hoffman, and Magdi Kamel that competently and impartially evaluated these risk management products for appropriateness and instituted criteria for selecting the most effective and efficient product. In addition to this new method, another method was also developed by Irene E. Gilbert in the Guide to Selecting Automated Risk Analysis Tools.

The information presented in this document was obtained from reviews of risk analysis software models in the Risk Management Research Laboratory, which was jointly supported by the National Institute of Standards and Technology (NIST) and the National Computer Security Center (NCSC), and from numerous published articles, journals, books, Federal government and Agency files, and academic authors.

This document contains several questionnaires and a product selection checklist developed by Garrabrantss, Ellis, Hoffman, Kamel, and Gilbert for evaluating and comparing risk management methodologies and tools. Six risk assessment procedures were performed on a computer facility by the researcher and expert security risk analysts using the following risk management tools: CRAMM, RiskWatch, RA/SYS, BUDDY System, BDSS, and LAVA. These questionnaires, referred to as the "Evaluation Metrics" by Garrabrantss, Ellis, Hoffman, and Kamel, were sent to vendor references and to EDP security and systems analysts to be completed. Upon completion, the questionnaires were sent back to the researcher for analysis and evaluation. Based on this process the best methodology became apparent.
Keywords/Search Tags: Risk, Evaluation, Computer, Software, Systems