The threat nets approach to information system security risk analysis

Mirembe, D., 2015, [Groningen]: University of Groningen, SOM research school. 139 p.

Research output: ThesisThesis fully internal (DIV)Academic

Copy link to clipboard


  • Drake Mirembe
The growing demand for healthcare services is motivating hospitals to strengthen outpatient case management using information systems in order to serve more patients using the available resources. Though the use of information systems in outpatient case management raises patient data security concerns, it was established that the current approaches to information systems risk analysis do not provide logical recipes for quantifying threat impact and determining the cost-effectiveness of risk mitigation controls. Quantifying the likelihood of the threat and determining its potential impact is key in deciding whether to adopt a given information system or not.

Therefore, this thesis proposes the Threat Nets Approach organized into 4 service recipes, namely: threat likelihood assessment service, threat impact evaluation service, return on investment assessment service and coordination management. The threat likelihood assessment service offers recipes for determining the likelihood of a threat. The threat impact evaluation service offers techniques of computing the impact of the threat on the organization. The return on investment assessment service offers recipes of determining the cost-effectiveness of threat mitigation controls. To support the application of the approach, a ThreNet tool was developed. The approach was evaluated by experts to ascertain its usability and usefulness. Evaluation of the Threat Nets Approach by the experts shows that it provides complete, usable and useful recipes for the assessment of; threat likelihood, threat impact and cost-effectiveness of threat mitigation controls. The results suggest that the application of Threat Nets approach is effective in quantifying risks to information systems
Original languageEnglish
QualificationDoctor of Philosophy
Awarding Institution
  • Sol, H, Supervisor
  • Lubega, J.T. (Jude), Supervisor, External person
  • Aiello, Marco, Assessment committee
  • Brock ,de, Bert, Assessment committee
  • van der Weide, Theo, Assessment committee, External person
Award date1-Oct-2015
Place of Publication[Groningen]
Print ISBNs978-90-367-8140-4
Electronic ISBNs978-90-367-8139-8
Publication statusPublished - 2015

Download statistics

No data available

ID: 24366704