Abstract
We develop a two-stage model for identifying IT system modules with high security risks. In the first phase, we identify the subsystems that pose the highest risk and which require further investigation. In the next phase, we identify the high-security-risk modules using a more detailed approach. The output of this model helps managers decide on how to invest efficiently in improving the security of their IT system. We describe an application of this model to an IT system in an academic institution in Israel. In the first phase, three of ten subsystems are found to be very risky. In the next phase, we highlight the critical modules within those subsystems. The results of our application in the academic institution indicate that security breaches for the purpose of cheating are a greater threat than other types of security issues.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
