Combining IRAM2 with Cost-BenefitAnalysis for Risk Management : Creating a hybrid method with traditional and economic aspects

University essay from Luleå tekniska universitet/Institutionen för system- och rymdteknik

Abstract: The aim of this thesis is to contribute to the risk methodology field by introducing a method that covers both economic and information security aspects. The aim is to provide a way for practitioners to get results that is enough for decision makers to make valid and well-grounded decisions. There are a lot of traditional risk assessment methods that focus on information security. There are also CBA (Cost-Benefit Analysis) methods that are used to make sure investments are cost-effective and provide value for the organization. The aim of this thesis is to combine those and see if they can be merged to one risk assessment method to increase the value of the result. CBA will be added to a more traditional risk assessment method called IRAM2. The thesis will evaluate if they are suited to be used together and if it provides a more valuable result when combining them than only using one of them. The research method that has been used in this study is ADR. It has been used as a way of working when producing a new hybrid method together with some design principles regarding how to combine traditional risk management with economic equations.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)