Development of a Failure Mode and Effects Analysis Based Risk Assessment Tool for Information Security

Lai, Lotto Kim Hung; Chin, Kwai‐Sang

doi:10.7232/iems.2014.13.1.087

Cited by 3 publications

(7 citation statements)

References 15 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…FMEA is growing and can be used in various fields, including Information Technology. The difference in the use of FMEA is based on the risk object to be measured (Lai and Chin, 2014). In addition, the focal point of risk measurement in this research is IT risks.…”

Section: Failure Mode and Effect Analysis (Fmea)mentioning

confidence: 99%

“…The FMEA method applied in risk management bears a consistency issue (Barends et al, 2012;Estorilio and Posso, 2010;Gary Teng et al, 2006;Oldenhof et al, 2011). A research conducted by (Lai and Chin, 2014) proposed Information Security FMEA Circle that modified traditional FMEA methodology. Moreover, another research by (Oldenhof et al, 2011) examined the consistency of FMEA by assessing risks in different teams in a case study.…”

Section: Related Workmentioning

confidence: 99%

“…The number of studies that combines FMEA and information security risks is still limited (Silva et al, 2014). The use of FMEA in the IT field still needs to be explored (Lai and Chin, 2014). The consistency of traditional FMEA in the IT field has been proved by (Subriadi et al, 2018).…”

Section: Related Workmentioning

confidence: 99%

“…Studies that combine the use of FMEA and information security risks are not that many (Silva et al, 2014). Thus, FMEA in the IT field needs to be explored (Lai and Chin, 2014). This study analyzed the consistency of traditional FMEA and Improved FMEA in IT Risk Assessment.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment

Subriadi

Najwa

2020

Heliyon

View full text Add to dashboard Cite

FMEA is as a method for assessing IT risks. This research aimed to examine the consistency of both traditional FMEA and improved FMEA in IT risk assessment. Improved FMEA is the result of a synthesis framework to minimize consistency in traditional FMEA. Two sets of action research cycles (plan, act, observe, reflect) were applied in this research. Action Research 1 was used to examine and prove the consistency of traditional FMEA. On the other hand, Action Research 2 was applied to examine the consistency of improved FMEA. Tests were carried out by two different teams in the same case study. The consistency was observed in the gap of the RPN results in both teams, and the differences result in both action research cycles. Action Research 1 proved that traditional FMEA was not consistent. The gap in the amount of risk at a very high level was four risks. However, Action research 2 had the same amount of risk at a very high level. Based on the correlation test, the consistency of action research 1 was 0.848 (very large correlation), and the action research 2 was 0.937 (near-perfect correlation). The consistency of improved FMEA proved to be more consistent than traditional FMEA. The limitation of this study was memory issues because both action research cycles were carried out by the same team and with similar case studies. Further research is expected to compare traditional FMEA and improved FMEA in different case studies. The theoretical contribution was the improved FMEA synthesis based on limitations of traditional FMEA. The FMEA team may use Improved FMEA Framework.

show abstract

Section: Failure Mode and Effect Analysis (Fmea)mentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment

Subriadi

Najwa

2020

Heliyon

View full text Add to dashboard Cite

show abstract

“…Establish the context: Identify the objectives of the project, event or relationship and then consider the internal and external parameters. According to Lai and Chin (2004), the process part of ISO 31000:2009 is the same as AS/NZS 4360:1999, AIRMIC, ALARM, IRM:2002 and ISO 27005:2011. The FMEA is a methodology aimed as a risk assessment tool because of its semi-quantitative approach in calculating RPN.…”

Section: Background Of Iso 31000:2009mentioning

confidence: 99%

Applying a Risk Management Framework to the Thai Massage Businesses

Wanitwattanakosol¹

2020

J. Eng. Appl. Sci.

View full text Add to dashboard Cite

This research developed a risk management framework based on ISO 31000:2009 for the Thai massage industry. The Thai massage standard is regulated by Thai Ministry of Public Health. Nevertheless, this standard should include a risk management for reassessing the current ones. The risk perspective was characterized by customer, massage staff, service, competitor and place. Next, risks were identified by interviewing the spa operators and in some cases, the spa service operator also. The required number of sample interviewees were calculated using Yamane's formula in a finite population. A draft version of the framework included 23 Key Risk Indicators (KRIs). After a consistency check by two specialists, two KRIs were eliminated, leaving 21 KRIs in the study framework. The risk level of each indicator was determined by multiplying the likelihood, impact and detection scores; each of these three dimensions were rated on a five-point scale. Of the 21 KRIs, four were extremely high risks, three were high, six moderate and eight low. At the step of risk treatment, one indicator shall be accounted in terminate type, seventeen indicators were carried in treat type. Treatment was selected potential action for others. During all steps were done along with appropriate active communication and oversight.

show abstract

Development of an Ergonomic, Portable, Climber-Propelled Date Tree Climbing Device

Rafiee

Razeghi

Choobineh

et al. 2022

Journal of Agromedicine

View full text Add to dashboard Cite

Development of a Failure Mode and Effects Analysis Based Risk Assessment Tool for Information Security

Cited by 3 publications

References 15 publications

The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment

The consistency analysis of failure mode and effect analysis (FMEA) in information technology risk assessment

Applying a Risk Management Framework to the Thai Massage Businesses

Development of an Ergonomic, Portable, Climber-Propelled Date Tree Climbing Device

Contact Info

Product

Resources

About