Title :
IT design criteria for damage reduction
Author_Institution :
Secorvo Security Consulting GmbH, Karlsruhe, Germany
Abstract :
In order to obtain security from the perspective of a social system, not only the damage probability but also the maximum possible damage must be reduced. Analysing social risk assessment shows us that the latter issue needs more attention. Moreover, autonomous decisions about risk as well as experience gathering are relevant factors of social risk assessment. IT systems therefore need to include appropriate features in order to comply with these factors. The paper explains how these features can be identified using requirements analysis, starting from the social goals. Ten highly reusable socio-technical criteria can be derived from social goals during this process. Complying features especially support responses of the social system in case of a technical system disturbance.
Keywords :
security of data; social aspects of automation; systems analysis; IT design criteria; IT security; IT systems; autonomous decisions; damage probability; damage reduction; experience gathering; information assurance; maximum possible damage; requirements analysis; reusable socio-technical criteria; social goals; social risk assessment; technical system disturbance; Access control; Design engineering; Information analysis; Information security; Risk analysis; Risk management; System analysis and design; Systems engineering and theory; Usability;
Conference_Titel :
Information Assurance, 2003. IWIAS 2003. Proceedings. First IEEE International Workshop on
Conference_Location :
Darmstadt, Germany
Print_ISBN :
0-7695-1886-9
DOI :
10.1109/IWIAS.2003.1192458
