IT confidentiality risk assessment for an architecture-based approach

A. Morali; E. Zambon; S. Etalle; P.L. Overbeek

doi:10.1109/BDIM.2008.4540072

IT confidentiality risk assessment for an architecture-based approach

A. Morali, E. Zambon, S. Etalle, P.L. Overbeek

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

2 Citaten (Scopus)

1 Downloads (Pure)

Samenvatting

Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and business- oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.

Originele taal-2	Engels
Titel	Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008)
Redacteuren	C. Bartolini, A. Sahai, J.P. Sauvé
Uitgeverij	Institute of Electrical and Electronics Engineers
Pagina's	31-40
ISBN van geprinte versie	978-1-4244-2191-6
DOI's	https://doi.org/10.1109/BDIM.2008.4540072
Status	Gepubliceerd - 2008

Toegang tot document

10.1109/BDIM.2008.4540072

Citeer dit

Morali, A., Zambon, E., Etalle, S., & Overbeek, P. L. (2008). IT confidentiality risk assessment for an architecture-based approach. In C. Bartolini, A. Sahai, & J. P. Sauvé (editors), Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008) (blz. 31-40). Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/BDIM.2008.4540072

Morali, A. ; Zambon, E. ; Etalle, S. ; Overbeek, P.L. / IT confidentiality risk assessment for an architecture-based approach. Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008). redacteur / C. Bartolini ; A. Sahai ; J.P. Sauvé. Institute of Electrical and Electronics Engineers, 2008. blz. 31-40

@inproceedings{20d17e414abc436fa57e12cc2b1183fb,

title = "IT confidentiality risk assessment for an architecture-based approach",

abstract = "Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and business- oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.",

author = "A. Morali and E. Zambon and S. Etalle and P.L. Overbeek",

year = "2008",

doi = "10.1109/BDIM.2008.4540072",

language = "English",

isbn = "978-1-4244-2191-6",

pages = "31--40",

editor = "C. Bartolini and A. Sahai and J.P. Sauv{\'e}",

booktitle = "Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

Morali, A, Zambon, E, Etalle, S & Overbeek, PL 2008, IT confidentiality risk assessment for an architecture-based approach. in C Bartolini, A Sahai & JP Sauvé (redactie), Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008). Institute of Electrical and Electronics Engineers, blz. 31-40. https://doi.org/10.1109/BDIM.2008.4540072

IT confidentiality risk assessment for an architecture-based approach. / Morali, A.; Zambon, E.; Etalle, S.; Overbeek, P.L.

Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008). redactie / C. Bartolini; A. Sahai; J.P. Sauvé. Institute of Electrical and Electronics Engineers, 2008. blz. 31-40.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - IT confidentiality risk assessment for an architecture-based approach

AU - Morali, A.

AU - Zambon, E.

AU - Etalle, S.

AU - Overbeek, P.L.

PY - 2008

Y1 - 2008

N2 - Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and business- oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.

AB - Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and business- oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.

U2 - 10.1109/BDIM.2008.4540072

DO - 10.1109/BDIM.2008.4540072

M3 - Conference contribution

SN - 978-1-4244-2191-6

SP - 31

EP - 40

BT - Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008)

A2 - Bartolini, C.

A2 - Sahai, A.

A2 - Sauvé, J.P.

PB - Institute of Electrical and Electronics Engineers

ER -

Morali A, Zambon E, Etalle S, Overbeek PL. IT confidentiality risk assessment for an architecture-based approach. In Bartolini C, Sahai A, Sauvé JP, redacteurs, Proceedings 3rd IEEE/IFIP International Workshop on Business-driven IT Management (BDIM 2008, Salvador, Brazil, April 7, 2008). Institute of Electrical and Electronics Engineers. 2008. blz. 31-40 https://doi.org/10.1109/BDIM.2008.4540072

IT confidentiality risk assessment for an architecture-based approach

Samenvatting

Toegang tot document

Vingerafdruk

Citeer dit