IT confidentiality risk assessment for an architecture-based approach

A. Morali, E. Zambon, S. Etalle, P.L. Overbeek

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

2 Citations (Scopus)
1 Downloads (Pure)

Abstract

Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and business- oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.
Original languageEnglish
Title of host publicationProceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008)
EditorsC. Bartolini, A. Sahai, J.P. Sauvé
PublisherInstitute of Electrical and Electronics Engineers
Pages31-40
ISBN (Print)978-1-4244-2191-6
DOIs
Publication statusPublished - 2008

Fingerprint Dive into the research topics of 'IT confidentiality risk assessment for an architecture-based approach'. Together they form a unique fingerprint.

  • Cite this

    Morali, A., Zambon, E., Etalle, S., & Overbeek, P. L. (2008). IT confidentiality risk assessment for an architecture-based approach. In C. Bartolini, A. Sahai, & J. P. Sauvé (Eds.), Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008) (pp. 31-40). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/BDIM.2008.4540072