Abstract
The escalating digitization of business enterprises is leading to an increased complexitywithin the realm of Information Technology (IT), alongside a dynamically evolving
landscape of IT threats. Despite widespread awareness of IT security, many firms encounter challenges in conducting thorough risk analyses. A multitude of risk management tools exist, often carrying a hefty price tag and primarily target-ed towards larger
corporations. While these tools provide extensive guidelines and considerations for risk,
they tend to assess processes (qualitatively) and assets (quantitatively) in isolation rather
than in an integrated manner. This approach introduces a degree of imprecision in the
calculated risk values. The focus of this the-sis is the evaluation, conceptualization, and
implementation of a risk assessment software, designed to perform risk evaluations
based on collected qualitative and quantitative data sets. The aim is to develop a prototype application for the initial assessment of IT risks in businesses. The challenge lies in
programming a system that allows for a more comprehensive and accurate risk evaluation of IT systems, thereby enhancing the risk evaluation model. This model enables
the analysis and computation of management processes and their associated assets in a
unified framework. The implementation of statistical methods will involve considering
various approaches, subsequently evaluating them based on the requirements, functionality, complexity, and scalability.
| Date of Award | 2024 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Harald Lampesberger (Supervisor) |