Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CNSM
2010
2010
CRAC: Confidentiality risk assessment and IT-infrastructure comparison
Confidentiality is a critical aspect in todays Risk Assessment (RA) practices for many industrial organizations. Assessing confidentiality risks is challenging and the result of a confidentiality RA is still largely based on the subjective opinion of the risk assessor(s). The presence of cross-organization cooperations (e.g. outsourcing), makes a confidentiality RA even more challenging because there are additional threat agents to take into account (e.g. an outsourcers employee). In this paper we present CRAC, an IT infrastructure-based method for assessing and comparing confidentiality risks of IT based collaborations. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets and user credentials), and the paths that may be followed by different attackers (e.g. insider, outsider and outsourcer). We also show how the CRAC-method can be applied in practice and we evaluate its effectiveness by
Real-time Traffic| Added | 10 Feb 2011 |
| Updated | 10 Feb 2011 |
| Type | Journal |
| Year | 2010 |
| Where | CNSM |
| Authors | Ayse Morali, Emmanuele Zambon, Sandro Etalle, Roel Wieringa |
Comments (0)
Researcher Info
|
