Modeling and mitigation of information technology risks

Abstract/Contents

Abstract
Information technology security has become a critical component of managing the risks associated with communication networks that support the global economy. Unlike the financial markets, where a rich set of tools exists to measure and control the risks associated with financial decisions, no such tools exist for risk associated with information technology. Quantitative methods that have been studied to date are quantitative only in that they involve the measurements of some metrics. A model, however, should enable management to explain current phenomena or potentially provide qualitative arguments for policies. The tools today do not permit such discussion. In this dissertation, the models I develop address some of the fundamental nuances of information technology security. First, the topology of the network influences the nature of the risks associated with each node and should be accounted for. Second, such a model must incorporate the non-symmetric relationship found in the network. The relationships are typically bi-directional with unequal weights. Within this context, the models here attempt to answer the fundamental question: "How should I allocate my resources in order to manage the information technology risks I face?" This allocation can occur at an industry level amongst multiple corporations, within a company amongst a multitude of nodes or even at the vulnerability level. Within this context, I present three models. First, I develop a prioritization model that balances the impact of the topology of the network and the level of potential impact of an individual vulnerability. Second, I create a class of interdependent security investment models to incorporate asymmetries of utility functions and a mixture of positive and negative externalities. Lastly, I generate a novel formulation of a dynamic risk networks model with interdependent states. Overall, the models provide anchor points in the largely uncharted field of IT risk management.

Description

Type of resource text
Form electronic; electronic resource; remote
Extent 1 online resource.
Publication date 2010
Issuance monographic
Language English

Creators/Contributors

Associated with Miura-Ko, Reiko Ann
Associated with Stanford University, Department of Management Science and Engineering
Primary advisor Bambos, Nicholas
Thesis advisor Bambos, Nicholas
Thesis advisor Brandeau, Margaret L
Thesis advisor Byers, Thomas (Thomas H.)
Advisor Brandeau, Margaret L
Advisor Byers, Thomas (Thomas H.)

Subjects

Genre Theses

Bibliographic information

Statement of responsibility Reiko Ann Miura-Ko.
Note Submitted to the Department of Management Science and Engineering.
Thesis Thesis (Ph. D.)--Stanford University, 2010.
Location electronic resource

Access conditions

Copyright
© 2010 by Reiko Ann Miura-Ko
License
This work is licensed under a Creative Commons Attribution Non Commercial 3.0 Unported license (CC BY-NC).
