The Quantification Of Information Systems Risk A Look At Quantitative Responses To Information Security Issues Craig Wright by Craig Wright instant download after payment.

This thesis demonstrates information security can be modelled through a systematic integration of the human, system and software aspects of risk. The creation of risk models based on the deployment of a combination of these approaches drawing on the advanced statistical techniques now available and the creation of game theoretic quantitative models of risk to information systems within set confidence levels is shown to be achievable. This research demonstrates that it is feasible to investigate and quantify the root cause of security flaws that act as a source of system compromise allowing business and governments to most efficiently allocate funds in controlling risk. The thesis demonstrates that to do this requires integrated models that account for the various risk dimensions in information security. Research into the effects of poor system design, market-based risk solutions based on derivative instruments and the impact of common system misconfigurations is incorporated into multivariate survival models. This research also addresses the economic impact of various decisions as a means of determining the optimal distribution of costs and liability when applied to information security and when assigning costs in computer system security and reliability engineering.