IT Confidentiality Risk Assessment for an Architecture-Based Approach

A. Morali, Emmanuele Zambon, Sandro Etalle, Paul Overbeek

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review


    Abstract

    Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a means to bridge the technical and business-oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.
    Original language: Undefined
    Title of host publication: Third IEEE International Workshop on Business-Driven IT Management
    Place of Publication: Los Alamitos
    Publisher: IEEE
    Pages: 31-40
    Number of pages: 10
    ISBN (Print): 978-1-4244-2191-6
    Publication status: Published - 3 Mar 2008
    Event: Third IEEE International Workshop on Business-Driven IT Management - Salvador, Brazil
    Duration: 7 Apr 2008 to 7 Apr 2008

    Publication series

    Publisher: IEEE Computer Society Press

    Workshop

    Workshop: Third IEEE International Workshop on Business-Driven IT Management
    Period: 7/04/08 to 7/04/08
    Other: 07 Apr 2008

    Keywords

    • METIS-250901
    • IR-62209
    • Risk analysis
    • Internet
    • Software Architecture
    • systems analysis
    • EWI-12092
    • SCS-Cybersecurity
