CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison

A. Morali, Emmanuele Zambon, Sandro Etalle, Roelf J. Wieringa

    Research output: Contribution to conferencePaper

    82 Downloads (Pure)

    Abstract

    In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by applying it to a real-world outsourcing case.
    Original languageEnglish
    Number of pages12
    Publication statusPublished - Sep 2010
    Event25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud" - Brisbane, Australia
    Duration: 20 Sep 201023 Sep 2010

    Conference

    Conference25th IFIP International Information Security Conference, SEC 2010: "Security & Privacy - Silver Linings in the Cloud"
    Period20/09/1023/09/10
    Other20-23 Sep 2010

    Keywords

    • IR-71369
    • RISK ASSESSMENT
    • IT-Infrastructure
    • Confidentiality

    Fingerprint Dive into the research topics of 'CRAC: Confidentiality Risk Assessment and IT-Infrastructure Comparison'. Together they form a unique fingerprint.

    Cite this