An Information Security Management Model for Risk Management in IT-based Organizations

Aftabi, Navid | 2018

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 51630 (01)
  4. University: Sharif University of Technology
  5. Department: Industrial Engineering
  6. Advisor(s): Kianfar, Farhad
  7. Abstract: Nowadays, information security is one of the most challenging issues in organizations. With the development of technology and the Internet, people insist on greater access to information and data. Collecting a huge amount of data in the organization's database and using IT tools creates added value for the organization, but it also threatens the organization in different ways with the loss of funds and of the credibility obtained from customer confidence. Therefore, managing information security is necessary in the current competitive environment. In spite of the advancement of technology, the many complexities of this subject have led to a growth in security incidents. Hence, organizations' managers need a comprehensive understanding of the interactions and the complicated dynamics of the system to make well-suited decisions in the security context. This research intends to provide an appropriate tool for managers to assist them in making investment decisions on security controls by understanding the complex interactions of the system through the cost lens. Thus, by utilizing Multi-Method modeling, System Dynamics and Agent-based modeling, a complex framework consisting of three main agents, the organization, the outsiders, and the insiders, is introduced. This model captures each agent's inherent complexities and the dynamic interactions between them through the security investment and the cost of a successful attack. According to the results, contrary to the public's perception of this problem, which only considers the technical aspect of the security controls, the threats that arise from within the organization are more plausible and more harmful than those from outside it. Therefore, managers should pay considerable attention to both sides of the organization to implement reliable security in the organization.
  8. Keywords: Secure Data Management ; Risk Management ; Multi-Method Approach ; Agent Based Modeling ; System Dynamic ; Monte Carlo Simulation ; Risk Mitigation

