High-Stakes IS Risk and Decision-Making
Permanent URI for this collection
1 - 3 of 3
ItemClassifying Risk Uncertainty for Decision Making( 2019-01-08)Studies of NASA mishaps often reveal a flawed decision-making process – one that underestimates risk. In this paper we turn our attention from the risk itself to uncertainty about the risk. In particular, we look at how decision-making accounts for uncertainties about a risk’s likelihood of occurring and the consequence if it does occur. We propose a simple way of classifying risks according to these uncertainties. Then we use this classification scheme to gain insight into the flawed decision-making that contributed to the Challenger disaster and other NASA mishaps as well. We show how our risk classification scheme can improve decision-making and help avoid mishaps in the future.
ItemApplication Software Cybersecurity Scanning( 2019-01-08)Scanning software applications for cybersecurity vulnerabilities is a crucial step is assessing the overall health of the application, but how can this kind of scan be performed to give development teams the information they need to make informed design decisions? Two pilot cybersecurity scans were conducted in an attempt to answer this question. A scanning team composed of various subject matter experts was established and worked closely with the development team to perform these scans and capture metrics throughout the process. These interactions and metrics indicate that these scans can be performed in an unobtrusive way and still provide valuable information to development teams regarding the health of their application. This work is not definitive in nature but serves as a foundation for future work.