Research Student Profile


Dr Vassilis Dimopoulos PhD

Research Student

Brief biographical information




Effective Information Assurance with Risk Management

Today's businesses base their operation on their IT infrastructure, which consequently demands that it should be protected accordingly. Nevertheless, surveys tend to indicate that the number of IT security incidents is increasing, resulting in significant losses for the organisations concerned. Leading in poor security practices, and therefore frequent victims of related security incidents, are Small and Medium Enterprises (SMEs). Even though there are a number of solutions, ranging from baseline guidelines to a detailed Risk Assessment (which can be followed to guide organisations through systematically selecting appropriate controls and practices to properly secure their networked assets), evidence suggests that these are not being employed by SMEs. Constraints such as lack of budget, security personnel and awareness are amongst the factors that are deterring SMEs from adopting such solutions, and therefore contributing to their continued problem with security incidents.

This thesis specifically targets the problem of security risk assessment within SME environments. Following an examination of the aforementioned constraints, the investigation considers the existing solutions, establishing the reasons that they are not appropriate for SME users. The research identifies that SMEs are in need of a solution that represents a progression of current guidelines, but without being as complicated as existing forms of Risk Analysis. Therefore a new methodology is designed, known as PRAM (Profile-based Risk Analysis and Management), which enables SMEs to analyse and manage their risks in a way that is simple to use and understand, as well as providing economic considerations on threats, their likelihood, effect and the spending required to reduce them to an acceptable level.

The methodology is then implemented within a working prototype, which is evaluated using a series of test scenarios. These scenarios are also used as the basis for evaluating existing SME-oriented Risk Analysis solutions, and the findings determine that the PRAM approach is able to deliver a more comprehensive solution. In addition, an evaluation of the PRAM prototype by a series of end-users suggests that it also succeeds in providing a more user-friendly solution than the current alternatives.

Overall, this thesis presents a solution that can be adopted by SMEs lacking in-house security expertise. It can assist them in understanding the threats they are under, while at the same time presenting appropriate information to enable management to evaluate their organisation's current IT security situation and select appropriate countermeasures.

Dr Vassilis Dimopoulos

Director of studies: Prof Steven M Furnell
Other supervisors: Mr Ian Barlow, Dr Nathan L Clarke

Conference papers

Effective Information Assurance for SMEs
Dimopoulos V, Furnell SM, Clarke NL
Proceedings of the 11th Annual Working Conference on Information Security Management, 16-17 October, Richmond, USA, pp27-45, ISBN: 978-3-901882-31-9, 2008
Can be ordered on-line.

A protection profiles approach to risk analysis for small and medium enterprises
Dimopoulos V, Furnell SM
Proceedings of IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference on Security Management, Integrity, and Internal Control in Information Systems, Fairfax, Virginia, 1-2 December, pp267-283, 2005

Effective IT Security for Small and Medium Enterprises
Dimopoulos V, Furnell SM
Proceedings of the Fourth Security Conference 2005, Las Vegas, USA, 30-31 March, 2005

Approaches to IT Security in Small and Medium Enterprises
Dimopoulos V, Furnell SM, Jennex M, Kritharas I
Proceedings of the 2nd Australian Information Security Management Conference 2004, Perth, Australia, 26 November 2004, CD-ROM, pp73-82, 2004

Factors affecting the adoption of IT risk analysis
Dimopoulos V, Furnell SM, Barlow I, Lines BL
The 3rd European Conference on Information Warfare and Security, Royal Holloway, University of London, UK, 28-29 June, 2004

Using protection profiles to simplify risk management
Dimopoulos V, Furnell SM, Barlow I, Lines BL
The Security Conference, April 14/15, Las Vegas, USA, 2004

Considering IT Risk Analysis in Small and Medium Enterprises
Dimopoulos V, Furnell SM, Barlow I
Proceedings of the 1st Australian Information Security Management Conference 2003 (InfoSec03), Perth, Australia, 24 November, 2003

Evaluating the reliability of commercially available biometric devices
Dimopoulos V, Fletcher J, Furnell SM
Proceedings of Euromedia 2003, Plymouth, England, 14-16 April, pp166-174, 2003

8 Conference papers

Internal publications

Security policies for small and medium enterprises
Kanellos A, Dimopoulos V, Clarke NL
Advances in Network & Communication Engineering 3, pp20-29, 2006
Can be ordered on-line.

IT Risk Analysis for Small and Medium Enterprises
Kritharas I, Dimopoulos V, Furnell SM
Advances in Network & Communication Engineering 2, pp27-34, 2005

2 Internal publications

10 publication(s) - all categories.