Abstract

Recent events such as the September 11th attack, the Yahoo! denial‐of‐service attack, the I Love You virus, and the Code Red worm have sparked a dramatic interest in assuring the future security of information infrastructures. Information systems are increasingly interconnected, interdependent, and complex. Information assurance (IA) attempts to answer critical questions of trust and credibility associated with our digital environment. It presents myriad considerations and decisions that transcend many dimensions: technological advancement, legal, political, economic, social, cultural, institutional, organizational, and educational. Despite the millions of dollars spent on firewalls, encryption technologies, and intrusion detection software, information infrastructure vulnerabilities and disruptive incidents continue. These trends have a significant impact on military operations now and for the next decades. This paper identifies and develops a methodological framework for assessing and managing IA risks. The methodology is based on the systems engineering design process as well as on the guiding principles of risk assessment and management. It builds on hierarchical holographic modeling (HHM) and risk filtering, ranking, and management (RFRM). HHM identifies a plethora of risk scenarios and sources of risk that are innate in current complex information systems. The flexibility of the HHM philosophy permits limitless representations of systems perspectives, constrained only by the knowledge, creativity, and imagination of the analyst and the appropriateness of the modeling efforts. RFRM is an eight‐phase process that filters the hundreds of risk scenarios down to a manageable few (10–20), and ranks them. The risk management phase then identifies the acceptable policy options and analyzes the tradeoffs among them by using quantifiable risk management tools. This process analyzes the wealth of statistical data on losses due to system failures, to intrusions, or to vulnerabilities of information assurance. © 2002 Wiley Periodicals, Inc. Syst Eng 5: 286–314, 2002
