Information security risk analysis/assessment: quantification of trust as a parameter for reducing deviations in results due to human causes
Year of defense: | 2014 |
---|---|
Main author: | |
Advisor: | |
Defense committee: | |
Document type: | Dissertation |
Access type: | Open access |
Language: | por |
Defending institution: | Universidade Federal de Santa Maria BR Ciência da Computação UFSM Programa de Pós-Graduação em Informática |
Graduate program: | Not provided by the institution |
Department: | Not provided by the institution |
Country: | Not provided by the institution |
Keywords in Portuguese: | |
Access link: | http://repositorio.ufsm.br/handle/1/5424 |
Abstract: | Risk management constitutes a basis for decision making, since it creates a view that makes it possible to identify and control risks that can compromise the assets of a given organization. The standard ISO 27005:2011 states that one of the fundamental steps in a risk management plan is the definition of security policies, with the use of risk assessment to estimate the severity of the threats that a given organization faces. Despite the existence of several methodologies to achieve successful risk assessments, previous evidence has demonstrated that the presence of human data sources in risk assessments can produce biased results, thus compromising business continuity as a result of unnecessary or wrong investments. Using the confidence level of human sources to give emphasis to individuals considered more reliable, this work presents a proposal to reduce biases by using weights in risk assessments. The concept of trust used is a function of trust among coworkers and performance evaluations, which made it possible to create an evolutionary process that refines the notions of trust through the execution of continuous cycles of risk management. A validation of the evolution of the risk management process over various periods of time showed that the use of trust coefficients in risk assessment can effectively improve the accuracy of risk estimates. As a result, the developed model for quantification of trust enabled the creation of a tool to minimize deviations in results due to human causes. |