Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
RE
2010
Springer
2010
Springer
Risk-based Confidentiality Requirements Specification for Outsourced IT Systems
Today, companies are required to be in control of their IT assets, and to provide proof of this in the form of independent IT audit reports. However, many companies have outsourced various parts of their IT systems to other companies, which potentially threatens the control they have of their IT assets. To provide proof of being in control of outsourced IT systems, the outsourcing client and outsourcing provider need a written service level agreement (SLA) that can be audited by an independent party. SLAs for availability and response time are common practice in business, but so far there is no practical method for specifying confidentiality requirements in an SLA. Specifying confidentiality requirements is hard because in contrast to availability and response time, confidentiality incidents cannot be monitored: attackers who breach confidentiality try to do this unobserved by both client and provider. In addition, providers usually do not want to reveal their own infrastructure to the...
Real-time TrafficConfidentiality | Confidentiality Requirements | Confidentiality Risk Assessment | RE 2010 | Software Engineering |
Related Content
| Added | 20 May 2011 |
| Updated | 20 May 2011 |
| Type | Journal |
| Year | 2010 |
| Where | RE |
| Authors | Ayse Morali, Roel Wieringa |
Comments (0)
Researcher Info
|
