Quantifying and managing the risk of information security breaches participants in a supply chain
Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005.
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | eng |
| Published: |
Massachusetts Institute of Technology
2006
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/1721.1/33313 |
| _version_ | 1811088573112254464 |
|---|---|
| author | Bellefeuille, Cynthia Lynn |
| author2 | George Kocur. |
| author_facet | George Kocur. Bellefeuille, Cynthia Lynn |
| author_sort | Bellefeuille, Cynthia Lynn |
| collection | MIT |
| description | Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005. |
| first_indexed | 2024-09-23T14:04:10Z |
| format | Thesis |
| id | mit-1721.1/33313 |
| institution | Massachusetts Institute of Technology |
| language | eng |
| last_indexed | 2024-09-23T14:04:10Z |
| publishDate | 2006 |
| publisher | Massachusetts Institute of Technology |
| record_format | dspace |
| spelling | mit-1721.1/333132019-04-11T02:05:48Z Quantifying and managing the risk of information security breaches participants in a supply chain Quantifying and managing the risk of information security breaches to the supply chain Bellefeuille, Cynthia Lynn George Kocur. Massachusetts Institute of Technology. Engineering Systems Division. Massachusetts Institute of Technology. Engineering Systems Division. Engineering Systems Division. Thesis (M. Eng. in Logistics)--Massachusetts Institute of Technology, Engineering Systems Division, 2005. Includes bibliographical references (leaf 70). Technical integration between companies can result in an increased risk of information security breaches. This thesis proposes a methodology for quantifying information security risk to a supply chain participant. Given a system responsible for supply chain interaction and the vulnerabilities attributed to the system, the variables that determine the probability and severity of security incidents were used to create a model to quantify the risk within three hypothetical information systems. The probability of an incident occurring was determined by rating the availability and ease of performing an exploit, the attractiveness of the target and an estimate of the frequency of the attack occurring Internet wide. In assigning a monetary value to the incident, the outcome from an attack was considered in terms of the direct impact on the business process and the potential impact on partnerships. A method for determining mitigation strategies was then proposed based on a given set of monetary constraints and the realization of corporate security policy. by Cynthia Lynn Bellefeuille. M.Eng.in Logistics 2006-07-13T15:14:34Z 2006-07-13T15:14:34Z 2005 2005 Thesis http://hdl.handle.net/1721.1/33313 62311875 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 74 leaves 3803915 bytes 3806941 bytes application/pdf application/pdf application/pdf Massachusetts Institute of Technology |
| spellingShingle | Engineering Systems Division. Bellefeuille, Cynthia Lynn Quantifying and managing the risk of information security breaches participants in a supply chain |
| title | Quantifying and managing the risk of information security breaches participants in a supply chain |
| title_full | Quantifying and managing the risk of information security breaches participants in a supply chain |
| title_fullStr | Quantifying and managing the risk of information security breaches participants in a supply chain |
| title_full_unstemmed | Quantifying and managing the risk of information security breaches participants in a supply chain |
| title_short | Quantifying and managing the risk of information security breaches participants in a supply chain |
| title_sort | quantifying and managing the risk of information security breaches participants in a supply chain |
| topic | Engineering Systems Division. |
| url | http://hdl.handle.net/1721.1/33313 |
| work_keys_str_mv | AT bellefeuillecynthialynn quantifyingandmanagingtheriskofinformationsecuritybreachesparticipantsinasupplychain AT bellefeuillecynthialynn quantifyingandmanagingtheriskofinformationsecuritybreachestothesupplychain |