CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison

A. Morali; Emmanuele Zambon; Sandro Etalle; Roelf J. Wieringa

CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison

A. Morali, Emmanuele Zambon, Sandro Etalle, Roelf J. Wieringa

Research output: Contribution to conference › Paper › Academic

153 Downloads (Pure)

Abstract

In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case.

Original language	English
Number of pages	12
Publication status	Published - Sep 2010
Event	25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud" - Brisbane, Australia Duration: 20 Sep 2010 → 23 Sep 2010

Conference

Conference	25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud"
Period	20/09/10 → 23/09/10
Other	20-23 Sep 2010

Keywords

IR-71369
RISK ASSESSMENT
IT-Infrastructure
Confidentiality

Access to Document

MZSW10_camerareadyFinal published version, 301 KB

Cite this

@conference{d2aa1dc7c3344a2ab0db021de7d4b70b,

title = "CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison",

abstract = "In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case.",

keywords = "IR-71369, RISK ASSESSMENT, IT-Infrastructure, Confidentiality",

author = "A. Morali and Emmanuele Zambon and Sandro Etalle and Wieringa, {Roelf J.}",

year = "2010",

month = sep,

language = "English",

note = "25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud" ; Conference date: 20-09-2010 Through 23-09-2010",

}

TY - CONF

T1 - CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison

AU - Morali, A.

AU - Zambon, Emmanuele

AU - Etalle, Sandro

AU - Wieringa, Roelf J.

PY - 2010/9

Y1 - 2010/9

N2 - In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case.

AB - In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case.

KW - IR-71369

KW - RISK ASSESSMENT

KW - IT-Infrastructure

KW - Confidentiality

M3 - Paper

T2 - 25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud"

Y2 - 20 September 2010 through 23 September 2010

ER -

CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this