DSpace@MIT (MIT Libraries)


Quantifying and managing the risk of information security breaches participants in a supply chain

Author(s)
Bellefeuille, Cynthia Lynn
Alternative title
Quantifying and managing the risk of information security breaches to the supply chain
Other Contributors
Massachusetts Institute of Technology. Engineering Systems Division.
Advisor
George Kocur.
Terms of use
M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582
Abstract
Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a system responsible for supply chain interaction and the vulnerabilities attributed to the system, the variables that determine the probability and severity of security incidents were used to create a model to quantify the risk within three hypothetical information systems. The probability of an incident occurring was determined by rating the availability and ease of performing an exploit, the attractiveness of the target and an estimate of the frequency of the attack occurring Internet wide. In assigning a monetary value to the incident, the outcome from an attack was considered in terms of the direct impact on the business process and the potential impact on partnerships. A method for determining mitigation strategies was then proposed based on a given set of monetary constraints and the realization of corporate security policy.
Description
Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005.
 
Includes bibliographical references (leaf 70).
 
Date issued
2005
URI
http://hdl.handle.net/1721.1/33313
Department
Massachusetts Institute of Technology. Engineering Systems Division
Publisher
Massachusetts Institute of Technology
Keywords
Engineering Systems Division.

Collections
  • Graduate Theses
  • SCALE Research Reports
