A probabilistic approach to risk management in mission-critical information technology infrastructure

Author(s)
Oren, Gadi
Thumbnail
DownloadFull printable version (43.87Mb)
Other Contributors
System Design and Management Program.
Advisor
George E. Apostolakis.
Terms of use
M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582
Metadata
Show full item record
Abstract
In the nuclear, aerospace and chemical industries, the need for risk management is straightforward. When a system failure mode may cause a very high cost in lives or economic value, risk management becomes a necessity. In its short history, Information Technology (IT) came to be a crucial part and sometimes the platform of business activities for many large companies such as telecommunication or financial services organizations. However, due to scale and complexity, risk management methods used by other industries are not widely applied in IT.In this thesis, we investigate how probabilistic risk assessments methods used in other industries can be applied to IT network environments. A comparison is done using a number of possible approaches, improvements to these approaches are suggested, and different tradeoffs are discussed. The thesis examines ways to apply probabilistic risk assessment to a Service Oriented Architecture environment (where each service is an application or a business process that depends on other services, local and networked resources) to estimate the service reliability, availability, expected costs over time and the importance measures of elements and configurations. Finally, a method of performing cost benefit analysis is presented to estimate the implication of changing the services-supporting infrastructure, while taking into consideration the varying impact of different services to the business.A case study is used to demonstrate the methods suggested in the thesis. The case study compares four different configurations, showing how equipment failure and human error can be placed into a single framework and addressed as a single system. The implications and application of the results are discussed and recommendations for further research are provided.
Description
Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2008.
 
Includes bibliographical references (p. 111-112) and index.
 
Date issued
2008
URI
http://hdl.handle.net/1721.1/43115
Department
System Design and Management Program.
Publisher
Massachusetts Institute of Technology
Keywords
System Design and Management Program.
Collections