Show simple item record

dc.contributor.advisorGeorge Kocur.en_US
dc.contributor.authorBellefeuille, Cynthia Lynnen_US
dc.contributor.otherMassachusetts Institute of Technology. Engineering Systems Division.en_US
dc.date.accessioned2006-07-13T15:14:34Z
dc.date.available2006-07-13T15:14:34Z
dc.date.copyright2005en_US
dc.date.issued2005en_US
dc.identifier.urihttp://hdl.handle.net/1721.1/33313
dc.descriptionThesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005.en_US
dc.descriptionIncludes bibliographical references (leaf 70).en_US
dc.description.abstractTechnical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a system responsible for supply chain interaction and the vulnerabilities attributed to the system, the variables that determine the probability and severity of security incidents were used to create a model to quantify the risk within three hypothetical information systems. The probability of an incident occurring was determined by rating the availability and ease of performing an exploit, the attractiveness of the target and an estimate of the frequency of the attack occurring Internet wide. In assigning a monetary value to the incident, the outcome from an attack was considered in terms of the direct impact on the business process and the potential impact on partnerships. A method for determining mitigation strategies was then proposed based on a given set of monetary constraints and the realization of corporate security policy.en_US
dc.description.statementofresponsibilityby Cynthia Lynn Bellefeuille.en_US
dc.format.extent74 leavesen_US
dc.format.extent3803915 bytes
dc.format.extent3806941 bytes
dc.format.mimetypeapplication/pdf
dc.format.mimetypeapplication/pdf
dc.language.isoengen_US
dc.publisherMassachusetts Institute of Technologyen_US
dc.rightsM.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission.en_US
dc.rights.urihttp://dspace.mit.edu/handle/1721.1/7582
dc.subjectEngineering Systems Division.en_US
dc.titleQuantifying and managing the risk of information security breaches participants in a supply chainen_US
dc.title.alternativeQuantifying and managing the risk of information security breaches to the supply chainen_US
dc.typeThesisen_US
dc.description.degreeM.Eng.in Logisticsen_US
dc.contributor.departmentMassachusetts Institute of Technology. Engineering Systems Division.en_US
dc.identifier.oclc62311875en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record