Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

Emmanuele Zambon (Editor), Sandro Etalle, Roelf J. Wieringa, Pieter H. Hartel

    Research output: Book/Report › Report › Professional

    Abstract

    An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customising the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data, which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which ones can actually be integrated with our QualTD Model.
    Original language: Undefined
    Place of Publication: Enschede
    Publisher: Distributed and Embedded Security (DIES)
    Number of pages: 26
    Publication status: Published - 4 Sep 2009

    Publication series

    Name: CTIT Technical Report Series
    Publisher: Centre for Telematics and Information Technology, University of Twente
    No.: TR-CTIT-09-35
    ISSN (Print): 1381-3625

    Keywords

    • EWI-15983
    • SCS-Cybersecurity
    • IR-67575
    • METIS-265752
    • SCS-Services

    Cite this

    Zambon, E. (Ed.), Etalle, S., Wieringa, R. J., & Hartel, P. H. (2009). Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures. (CTIT Technical Report Series; No. TR-CTIT-09-35). Enschede: Distributed and Embedded Security (DIES).