Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

Emmanuele Zambon (Editor), Emmanuele Zambon (Editor), Sandro Etalle, Roelf J. Wieringa, Pieter H. Hartel

    Research output: Book/ReportReportProfessional

    70 Downloads (Pure)


    An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentre for Telematics and Information Technology (CTIT)
    Number of pages26
    Publication statusPublished - 4 Sep 2009

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    ISSN (Print)1381-3625


    • EWI-15983
    • SCS-Cybersecurity
    • IR-67575
    • METIS-265752
    • SCS-Services

    Cite this