Context-sensitive Information security Risk identification and evaluation techniques

Author

Ionita, Dan

Author_Institution

Cybersecurity & Safety Res. Group, Univ. of Twente, Enschede, Netherlands

fYear

2014

fDate

25-29 Aug. 2014

Firstpage

485

Lastpage

488

Abstract

The objective of my research is to improve and support the process of Information security Risk Assessment by designing a scalable Risk argumentation framework for socio-digital-technical Risk. Due to the various types of IT systems, diversity of architectures and dynamic nature of Risk, there is no one-size-fits all RA method. As such, the research hopes to identify guidelines for conducting Risk Assessments in contexts that raise special challenges such as Telecom and virtualized infrastructures. Finally, it will suggest ways of qualitatively and quantitatively evaluating Information Security Risks in such scenarios by using argumentation and/or modelling attacker business cases.

Keywords

information systems; risk management; security of data; IT systems; RA method; architectures diversity; context-sensitive information security risk identification; evaluation techniques; information security risk assessment; scalable risk argumentation framework; socio-digital-technical risk; telecom; virtualized infrastructures; Context; Information security; Risk management; Standards; Telecommunications;

fLanguage

English

Publisher

ieee

Conference_Titel

Requirements Engineering Conference (RE), 2014 IEEE 22nd International

Conference_Location

Karlskrona

Print_ISBN

978-1-4799-3031-9

Type

conf

DOI

10.1109/RE.2014.6912303

Filename

6912303