Prioritization of Information Assurance (IA) Technology in a Resource Constrained Environment
Abstract
Classical risk analysis is a static process that does not account for rapid evolutionary or generational changes in technology and technological solutions. This thesis defines a process that expands classical risk analysis to increase visualization of the security environment of an information system. It provides a comparative analysis of system attributes and encourages focused communications between decision-makers and information systems technicians. Personal interviews with domain experts from four organizations were used to construct a baseline model. Face validity of the model was determined during sessions with the domain experts. The model was calibrated to two specific scenarios using a pair of surveys to set link values and establish data for the initial nodes. A verification phase compared rough results from the model with expert opinion. The model evaluated, prioritized and graphically illustrated shortfalls within two information systems based on the relative importance of specific criteria established by the domain experts. It facilitated the extraction of implicit or tacit knowledge from the domain experts that would not emerge during a classical risk analysis.
Document Details
- Document Type: Technical Report
- Publication Date: Dec 01, 2001
- Accession Number: ADA457789
Entities
People
- Carl P. Brodhun III
Organizations
- Naval Postgraduate School