You searched for +publisher:"DIAL (Belgium)" +contributor:("Mouratidis, Haralambos"). One record found.

1. Mayer, Nicolas. Model-based Management of Information System Security Risk.

Degree: 2009, DIAL (Belgium)

During the last twenty years, the impact of security concerns on the development and exploitation of information systems has never ceased to grow. Security risk management methods are methodological tools that help organisations take rational decisions regarding the security of their IS. Feedback on the use of such approaches shows that they considerably reduce losses originating from security problems. Today, these methods are generally built around a well-structured process. However, the product coming from the different risk management steps is still largely informal, and often not analytical enough. This lack of formality hinders the automation of the management of risk-related information. Another drawback of current methods is that they are generally designed to be used a posteriori, that is, to assess the way existing systems handle risks, and are difficult to use a priori, during information system development. Finally, with each method using its own terminology, it is difficult to combine several methods with the aim of taking advantage of each of them. To tackle the preceding problems, this thesis proposes a model-based approach for risk management, applicable from the early phases of information system development. This approach relies on a study of the domain's own concepts. This scientific approach is composed of three successive steps. The first step aims at defining a reference conceptual model for security risk management. The research method followed proposes to base the model on an extensive study of the literature. The different risk management and/or security standards, a set of methods representative of the current state of the practice, and the scientific works related to the domain are analysed. The result is a semantic alignment table of the security risk management concepts, highlighting the key concepts taking place in such an approach. Based on this set of concepts, the security risk management domain model is built. This model is challenged by domain experts in standardisation, risk management practitioners and scientists. The second step of this research work enriches the domain model with the different metrics used in a risk management method. The proposed approach combines two methods to define this set of metrics. The first one is the Goal-Question-Metric (GQM) method applied to the domain model. This method makes it possible to focus on reaching the best return on security investment. The second one enriches the metrics identified with the first approach, through a study of the literature based on the standards and methods addressed during the first step. An experiment with these metrics on a real case is performed, in the context of supporting an SME towards ISO/IEC 27001 certification. Finally, in a third step, a set of conceptual modelling languages dedicated to information security is identified in the literature. These languages mainly come from the requirements engineering domain. They make it possible to tackle security during the early phases of information system development. The…

Advisors/Committee Members: FUNDP - 2982 - Pôle Ingénierie des Systèmes d'Information; Hagen, David; Mouratidis, Haralambos; Sindre, Guttorm; Colin, Jean-Noël; Ramaekers, Jean; Heymans, Patrick; Dubois, Eric; Jacquet, Jean-Marie.

Subjects/Keywords: Risk management; Security; Standards; Requirements Engineering

APA (6th Edition):

Mayer, N. (2009). Model-based Management of Information System Security Risk. (Thesis). DIAL (Belgium). Retrieved from http://hdl.handle.net/2078.2/22709

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16th Edition):

Mayer, Nicolas. “Model-based Management of Information System Security Risk.” 2009. Thesis, DIAL (Belgium). Accessed May 22, 2019. http://hdl.handle.net/2078.2/22709.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7th Edition):

Mayer, Nicolas. “Model-based Management of Information System Security Risk.” 2009. Web. 22 May 2019.

Vancouver:

Mayer N. Model-based Management of Information System Security Risk. [Internet] [Thesis]. DIAL (Belgium); 2009. [cited 2019 May 22]. Available from: http://hdl.handle.net/2078.2/22709.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Mayer N. Model-based Management of Information System Security Risk. [Thesis]. DIAL (Belgium); 2009. Available from: http://hdl.handle.net/2078.2/22709

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
