EEMCS

There is a more recent version of this eprint available. Click here to view it.

Full text available as:

PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader 693 Kb

Abstract

An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous
quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model.

Available Versions of this Item

• Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures (deposited 07 September 2009)
  [Currently Displayed]
  • Model-based Qualitative Risk Assessment for Availability of IT Infrastructures (deposited 17 October 2010)

Export this item as:

• BibTeX
• XML

To correct this item please ask your editor

Repository Staff Only: edit this item