IT Confidentiality Risk Assessment for an Architecture-Based Approach

A. Morali, Emmanuele Zambon, Sandro Etalle, Paul Overbeek

    Research output: Book/ReportReportProfessional

    2 Citations (Scopus)
    207 Downloads (Pure)

    Abstract

    Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is modeldriven integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact for confidentiality incidents. Furthermore, depending on the monetary value of an information asset, we bridge the technical and business-oriented views of information security.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherDistributed and Embedded Security (DIES)
    Number of pages10
    Publication statusPublished - 25 Jan 2008

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    No.TR-CTIT-08-05
    ISSN (Print)1381-3625

    Keywords

    • EWI-11953
    • METIS-250873
    • IR-64635
    • SCS-Cybersecurity

    Cite this

    Morali, A., Zambon, E., Etalle, S., & Overbeek, P. (2008). IT Confidentiality Risk Assessment for an Architecture-Based Approach. (CTIT Technical Report Series; No. TR-CTIT-08-05). Enschede: Distributed and Embedded Security (DIES).