| dc.contributor.advisor | George Kocur. | en_US |
| dc.contributor.author | Bellefeuille, Cynthia Lynn | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Engineering Systems Division. | en_US |
| dc.date.accessioned | 2006-07-13T15:14:34Z | |
| dc.date.available | 2006-07-13T15:14:34Z | |
| dc.date.copyright | 2005 | en_US |
| dc.date.issued | 2005 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/33313 | |
| dc.description | Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005. | en_US |
| dc.description | Includes bibliographical references (leaf 70). | en_US |
| dc.description.abstract | Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a system responsible for supply chain interaction and the vulnerabilities attributed to the system, the variables that determine the probability and severity of security incidents were used to create a model to quantify the risk within three hypothetical information systems. The probability of an incident occurring was determined by rating the availability and ease of performing an exploit, the attractiveness of the target and an estimate of the frequency of the attack occurring Internet wide. In assigning a monetary value to the incident, the outcome from an attack was considered in terms of the direct impact on the business process and the potential impact on partnerships. A method for determining mitigation strategies was then proposed based on a given set of monetary constraints and the realization of corporate security policy. | en_US |
| dc.description.statementofresponsibility | by Cynthia Lynn Bellefeuille. | en_US |
| dc.format.extent | 74 leaves | en_US |
| dc.format.extent | 3803915 bytes | |
| dc.format.extent | 3806941 bytes | |
| dc.format.mimetype | application/pdf | |
| dc.format.mimetype | application/pdf | |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | |
| dc.subject | Engineering Systems Division. | en_US |
| dc.title | Quantifying and managing the risk of information security breaches participants in a supply chain | en_US |
| dc.title.alternative | Quantifying and managing the risk of information security breaches to the supply chain | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | M.Eng.in Logistics | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Engineering Systems Division | |
| dc.identifier.oclc | 62311875 | en_US |
