Dissertation
Risk assessment in information security: quantification of trust as a parameter to reduce biases in results as a product of human factors
Date
2014-02-28
Registered in:
LÓPEZ, Víctor Leonel Orozco. RISK ASSESSMENT IN INFORMATION SECURITY: QUANTIFICATION OF TRUST AS A PARAMETER TO REDUCE BIASES IN RESULTS AS A PRODUCT OF HUMAN FACTORS. 2014. 100 f. Dissertação (Mestrado em Ciência da Computação) - Universidade Federal de Santa Maria, Santa Maria, 2014.
Author
López, Víctor Leonel Orozco
Institution
Abstract
Risk management constitutes a basis for decision making, since it creates a view that makes it possible to identify and control risks that can compromise the assets of a given organization. The standard ISO 27005:2011 states that one of the fundamental steps in a risk management plan is the definition of security policies, using risk assessment to estimate the severity of the threats that a given organization faces. Despite the existence of several methodologies for achieving successful risk assessments, previous evidence has demonstrated that the presence of human data sources in risk assessments can produce biased results, thus compromising business continuity as a result of unnecessary or wrong investments.
Using the confidence level of human sources to give emphasis to individuals considered more reliable, this work presents a proposal to reduce biases by using weights in risk assessments. The concept of trust used is a function of trust among coworkers and performance evaluations, which made it possible to create an evolutionary process that refines the notions of trust through the execution of continuous cycles of risk management.
A validation of the evolution of the risk management process over various periods of time showed that the use of trust coefficients in risk assessment can effectively improve the accuracy of risk estimates. As a result, the developed model for quantification of trust enabled the creation of a tool to minimize deviations in results due to human causes.