Possible Risks Analysis Engine: A Prototype Tool for Managing IT Security Safeguards Acquisition
Centro di Ricerca sui Sistemi Informativi
LUISS | Centro di Ricerca sui Sistemi Informativi |via O. Tommasini, 1 | 00162 Roma
Tel 06 865 06 792 | fax 06 865 06 506 | e-mail: datri@luiss.it | www.luiss.it
Seminar
Friday 9 March 2007, 10.30
LUISS Guido Carli - Sala delle Colonne
Viale Pola, 12 - Roma
Richard Baskerville
Georgia State University
Abstract
Risk analysis provides a cost-benefit analysis of information security controls and safeguards in economic terms. Despite serious flaws in its fundamentals, approaches to calculating risk have changed little over the past decades. The publicly available frequency data that does exist is generally incompatible and unusable. Theories of mathematical evidence indicate that probability theory is inappropriate where frequency data is unavailable. While alternative theoretical frameworks have been suggested, practical vehicles for the use of such frameworks have yet to materialize. This paper reports on design science research that employs fuzzy sets and possibility theory as kernel theories to develop and demonstrate a prototype of such a practical vehicle. This vehicle opens avenues for testing and operating risk analysis methodologies based on alternative mathematical theories of evidence.
Richard L. Baskerville is a professor of information systems in the Department of Computer Information Systems, Robinson College of Business, Georgia State University. His research specializes in the security of information systems, methods of information systems design and development, and the interaction of information systems and organizations. His interest in methods extends to qualitative research methods. Baskerville is the author of Designing Information Systems Security (J. Wiley) and more than 100 articles in scholarly journals, professional magazines, and edited books. He is an editor for The European Journal of Information Systems and serves on the editorial boards of The Information Systems Journal, the Journal of Information Systems Security, and the International Journal of E-Collaboration. Baskerville's practical and consulting experience includes advanced information system designs for the U.S. Defense and Energy Departments. He is president of the Information Systems Academic Heads International, Secretary of IFIP Working Group 8.4, former information systems department chair at Georgia State, former chair of the IFIP Working Group 8.2, a Chartered Engineer under the British Engineering Council, a member of the British Computer Society, and a Certified Computer Professional. Baskerville holds degrees from the University of Maryland (B.S. summa cum laude, Management) and the London School of Economics, University of London (M.Sc., Analysis, Design and Management of Information Systems; Ph.D., Systems Analysis).