Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

Emmanuele Zambon (Editor), Emmanuele Zambon (Editor), Sandro Etalle, Roelf J. Wieringa, Pieter H. Hartel

    Research output: Book/ReportReportProfessional

    49 Downloads (Pure)

    Abstract

    An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherDistributed and Embedded Security (DIES)
    Number of pages26
    Publication statusPublished - 4 Sep 2009

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.TR-CTIT-09-35
    ISSN (Print)1381-3625

    Keywords

    • EWI-15983
    • SCS-Cybersecurity
    • IR-67575
    • METIS-265752
    • SCS-Services

    Cite this

    Zambon, E. (Ed.), Zambon, E. (Ed.), Etalle, S., Wieringa, R. J., & Hartel, P. H. (2009). Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures. (CTIT Technical Report Series; No. TR-CTIT-09-35). Enschede: Distributed and Embedded Security (DIES).