Information System Incidents: The Development of a Damage Assessment Model
AIR FORCE INST OF TECH WRIGHT-PATTERSONAFB OH
Pagination or Media Count:
Information system IS incidents are on the rise. With low manning and undertrained information security specialists it is difficult for organizations to stop IS incidents from occurring. Once an incident has occurred it is the IS managers responsibility to ensure that a full and accurate damage assessment has been accomplished. However, most IS managers lack the necessary tools to assess the damage from an incident. This exploratory thesis developed an IS incident damage assessment model DAM that can be part of the IS managers tool kit. During the development of the model, it became apparent that the model was supported by a foundation of business processes. Therefore, the most important thing an IS manager can do is define their organizations business processes and bow they relate to information systems. The model is based on eight primary factors to considered 1 recovery, 2 educationtraining, 3 business expenses, 4 productivity, 5 data, 6 lost revenue, 7 reputation, and 8 human life. Each factor is then further expanded into sub-factors that better define and explain the primary factors. These sub-factors can be directly mapped to business processes previously defined by the information system manager. The final product is an IS incident DAM tailored to the needs of the IS managers organization.
- Computer Systems
- Computer Systems Management and Standards