Quantifying and managing the risk of information security breaches participants in a supply chain
DownloadFull printable version (10.85Mb)
Alternative title
Quantifying and managing the risk of information security breaches to the supply chain
Other Contributors
Massachusetts Institute of Technology. Engineering Systems Division.
Advisor
George Kocur.
Terms of use
Metadata
Show full item recordAbstract
Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a system responsible for supply chain interaction and the vulnerabilities attributed to the system, the variables that determine the probability and severity of security incidents were used to create a model to quantify the risk within three hypothetical information systems. The probability of an incident occurring was determined by rating the availability and ease of performing an exploit, the attractiveness of the target and an estimate of the frequency of the attack occurring Internet wide. In assigning a monetary value to the incident, the outcome from an attack was considered in terms of the direct impact on the business process and the potential impact on partnerships. A method for determining mitigation strategies was then proposed based on a given set of monetary constraints and the realization of corporate security policy.
Description
Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005. Includes bibliographical references (leaf 70).
Date issued
2005Department
Massachusetts Institute of Technology. Engineering Systems DivisionPublisher
Massachusetts Institute of Technology
Keywords
Engineering Systems Division.