Tuesday, August 24, 2010

Recent PhD Thesis on IT Risk Management

The 2008 PhD thesis of Domenico Salvati from the Laboratory for Safety Analysis at ETH, Zurich, on the Management of Information System Risks is available online. Salvati presents a structured approach to the IT risk management process which has some novel differences as compared to the more familiar frameworks. The thesis contains a long examples on computing the risk of a brute force password attack, and the risk of phishing attacks. The work has a very practical flavour as Salvati was sponsored by Credit Suisse for the thesis, as part of ZISC.


You can find a short bio on Domenico as part of the upcoming hashdays security and risk conference in Zurich.