Risks Assessment Methodology for Medium-sized Organisations

PonomaryovDenys Ponomaryov graduated from Kharkiv National University of Radio Electronics (KNURE), Ukraine and has recently passed his MPhil viva at WIT with a thesis on “Risks Assessment Methodology for Medium-sized Organisations”. The external examiner was Dr Nathan Clarke from the University of Plymouth and the internal was Dr Andrés Peratta.

The scope of his thesis was in the field of Data Security and Risk Management applied to modern enterprises. Denys gave an extensive presentation of his thesis which was well received by both examiners. The purpose of the work was to justify and develop an expanded system to assess information security risks, taking into account the ambiguity of raw input information about resources of informational systems. Different modern methods of risk management and risk assessment were analyzed and compared.

A detailed analysis of Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) and OCTAVE-S methods was carried out leading to the identification of advantages and drawbacks of each, led to the development of a novel method (OCTAVE-M). The developed OCTAVE-M method satisfied the requirement of a medium-sized enterprise, combining the advantages of both basic methods which minimized its drawbacks

The results of the application of the proposed method to a medium-sized enterprise justified its advantage along with the existing ones.

As a result of his research, both examiners recommended that Denys be awarded the degree of Master of Philosophy.

Grateful acknowledgement is given to the Foreign and Commonwealth Office for their support.