Title :
Evaluation of information security risks using hybrid assessment model
Author :
Alese, B.K. ; Oyebade, O. ; Festus, Osuolale A. ; Iyare, O. ; Thompson, A.F.
Author_Institution :
Comput. Sci. Dept., Fed. Univ. of Technol., Akure, Nigeria
Abstract :
A risk is the possibility that an undesirable event could happen. Several risk management software tools have been developed in the past to address pressing industrial concerns such as risk identification and estimation, risk exposure, mitigation, and keeping track of risk positions and respective management plans. Several methods have been developed and used in risk assessments. Two specific methods of interest in this work are "Risk Matrices" and "Risk Registers". A generic Risk Register application module and an updatable Risk Matrix module were designed. This work studies risk management techniques and employs a custom model for the automated assessment of IS risks. This model was implemented in phases corresponding to its aspects. The "Assessment methods" of interest to this work are Risk Registers, Risk Matrices and the "Scenario Geek". What-if analysis is a data-intensive simulation whose goal is to inspect the behavior of a complex system under some given hypotheses called scenarios. What-ifs are used to generate qualitative descriptions of potential problems in the form of questions and responses lists of recommendations for preventing problems. The Risk Assessor was developed using Microsoft's Visual Basic .Net with Active Server Pages (ASP.Net) Technologies on .Net Framework 4.0. This work, if adopted, will help keep track of the basic sources which can hamper the operations of the information technology organizations.
Keywords :
Visual BASIC; organisational aspects; risk management; security of data; software tools; .Net Framework 4.0; ASP.Net; IS risks; Microsoft Visual Basic.Net; active server pages technologies; hybrid assessment model; industrial concerns; information security risks; information technology organizations; management plans; risk estimation; risk exposure; risk identification; risk management software tools; risk mitigation; risk register application module; updatable risk matrix module; Analytical models; Computer science; Educational institutions; Internet; Organizations; Registers; Risk management; Registers; Risk; Scenario; What-if model; geek; risk management;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2014.7038843