In this century, information, along with other factors of production, is a valuable and vital component of the organizations. With increasing technology advances, organizations have realized the undeniable benefits of Information Technology (IT) to increase the quality, accuracy and speed of affairs and most managers have become aware of the importance of its use in increasing efficiency and ef...

Security risk analysis should be conducted regularly to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. However, risk mitigation comes at a cost, and only the countermeasures that cost-efficiently mitigate risks should be implemented. This paper presents an approach to integrate the countermeasure ...

There are numerous forecast models of software development costs, however, various problems become apparent in context to practical application. Standardized methods, such as COCOMO II have to be calibrated at an individual operational level on the basis of the underlying database. This paper presents a new activity based approach that is based on business specific cost data that can be easily ...

The importance of information as a resource and competitive factor in today’s society and economy is constantly rising. As a consequence, it becomes necessary for organizations to manage the risks that arise from poor information quality (IQ) in the same way other operational and strategic risks are managed. Information is, however, an unique and intangible resource that requires special method...

We discuss a simple model of disk backups and other maintenance processes that include change to computer data. We determine optimal strategies for scheduling such processes. A maximum entropy model of random change provides a simple and intuitive guide to the process of sector based disk change and leads to an easily computable optimum time for backup that is robust to changes in the model. We...

We are already into the fall season with winter rapidly approaching. As always, we have many changes to report at the Diagnostic Laboratory. We ended our 1998-1999 fiscal year with a 23 percent increase in accessions compared to the previous year. We are constantly working on improving our diagnostic testing ability, frequently by using molecular techniques. Some of these new advances are detai...

Operator error has been blamed for many accidents and incidents in safety-critical systems. It is important that humanmachine interface (HMI) designers are aware of the relationships between their design decisions, operator errors, and the hazards associated with a system. In this paper, we demonstrate how information from risk analysis can be combined with formal specification of the HMI, to s...

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in existing formalisms, such properties are considered independent. For example, investing more in ...

While conventional business administration-based information technology management methods are applied to the risk analysis of information systems, no security risk analysis techniques have been used in relation to information protection. In particular, given the rapid diffusion of information systems and the demand for information protection, it is vital to develop security risk analysis techn...

The present paper should be seen as a basis for discussion of important aspects of risk analysis and assessment, as well as attempting to describe risk assessment in accordance with the present state of the art. Risk assessment is thus presented in an overview form from the viewpoint of being a means for decision-making and thus within the formal framework of decision theory. First the motivati...