FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1569111752> ?p ?o ?g. }

• W1569111752 abstract "Today almost every organization benefits from business opportunities created by digitalization. Digitalization allows, among others, to develop software products on shared platforms, to remotely access and alter patient records or remotely control power generators. This change in the technical environment has triggered changes in the legal environment, and introduced new compliance requirements. Consequently, protecting the confidentiality of digital information assets has become a major concern for many organizations. This concern is even bigger for organizations that connect their IT system with other organizations to reduce costs. Risk assessment methodologies provide stakeholders with sound knowledge on security risks that threaten the business. A risk assessment method should satisfy three conflicting requirements: accuracy, cost-efficiency, and inter-subjectivity. These three requirements form the dilemma of confidentiality risk assessment methods. Accuracy has to do with the level of granularity that a method allows when assessing the risk. Cost-efficiency is the crucial real limitation of all risk assessment methods. In practice, even risk assessments of large and information-intensive company sections rarely last longer than two weeks. The third requirement we look at in this dissertation is inter-subjectivity. Nowadays, despite the large use of standardized methods, the very result of a risk assessment is largely subjective, in the sense that other assessors may assess risks differently. This lack of inter-subjectivity means that risk assessments are difficult to replicate and risk assessment results are not comparable. Based on the dilemmas of confidentiality risk assessment methods, in this dissertation we propose five IT confidentiality risk assessment and evaluation methods, each of which extends the previous one. More specifically we present: (1) Extended eTVRA extends the eEurope secure and trusted architecture threat, vulnerability, and risk assessment (eTVRA) method with an information elicitation and structuring step. eTVRA is a model-based method specifically developed for telecom systems. This extension aims at assessing security risks of complex IT systems more accurately than checklist-based approaches. (2) DCRA is a model-based confidentiality method that is automated with a computational tool. It models the information system based on the IT architecture the system relies on, so that one can analyze how confidentiality breaches can propagate through the IT components of the system. DCRA aims at assessing confidentiality risks of complex IT systems more accurately than checklist-based approaches. (3) CRAC is a model-based confidentiality risk assessment method that sorts and compares two alternative technical solutions according to their risks. It analyzes risks according to where in the IT architecture information is accessible (information flow) and how difficult it is for different attackers to access it (attack paths). CRAC aims at increasing the inter-subjectivity of assessment results while reducing the assessment costs. (4) CRAC++ extends CRAC by gaining control over the confidentiality requirements in a network of organizations. Thus, it delivers a set of confidentiality control requirements that can be used for extending SLAs. CRAC++ aims at adapting IT architecture-based confidentiality RA methods to control confidentiality risks. (5) RiskREP is a risk-based security requirement elicitation and prioritization method, which is meant to be used for systems that are under development. It links business goals to IT risks based on the IT architecture. RiskREP aims at eliciting assessment-relevant information cost-efficiently. We validate and evaluate these methods in seven real world case studies at multinational companies from telecommunications, electronics and chemical industries. The results indicate that multinational organizations that are connected to other organizations by means of digitalization can benefit from IT architecture-based confidentiality risk assessment. The methods we propose show that assessing risks based on IT architecture (1) helps to reduce the assessment costs, (2) allows one to adjust the accuracy according to the business-criticality of a system and (3) increases the inter-subjectivity of qualitative risk assessment results." @default.
• W1569111752 created "2016-06-24" @default.
• W1569111752 creator A5015308371 @default.
• W1569111752 date "2011-06-07" @default.
• W1569111752 modified "2023-10-14" @default.
• W1569111752 title "IT architecture-based confidentiality risk assessment in networks of organizations" @default.
• W1569111752 cites W102680267 @default.
• W1569111752 cites W1490657313 @default.
• W1569111752 cites W1507175145 @default.
• W1569111752 cites W1508555652 @default.
• W1569111752 cites W1514370277 @default.
• W1569111752 cites W1541979851 @default.
• W1569111752 cites W1543835543 @default.
• W1569111752 cites W1545534834 @default.
• W1569111752 cites W1555842091 @default.
• W1569111752 cites W1565988340 @default.
• W1569111752 cites W1588988829 @default.
• W1569111752 cites W1597386479 @default.
• W1569111752 cites W1597543939 @default.
• W1569111752 cites W1602002062 @default.
• W1569111752 cites W1613252625 @default.
• W1569111752 cites W1634005769 @default.
• W1569111752 cites W1662441884 @default.
• W1569111752 cites W1739770529 @default.
• W1569111752 cites W183188457 @default.
• W1569111752 cites W1891044686 @default.
• W1569111752 cites W1941184313 @default.
• W1569111752 cites W1980159771 @default.
• W1569111752 cites W1981983328 @default.
• W1569111752 cites W1985858614 @default.
• W1569111752 cites W1987242689 @default.
• W1569111752 cites W1999898351 @default.
• W1569111752 cites W2000881364 @default.
• W1569111752 cites W2008520402 @default.
• W1569111752 cites W2017739343 @default.
• W1569111752 cites W2019360156 @default.
• W1569111752 cites W2030015318 @default.
• W1569111752 cites W2040803688 @default.
• W1569111752 cites W206387428 @default.
• W1569111752 cites W2075505590 @default.
• W1569111752 cites W2083658929 @default.
• W1569111752 cites W2084162600 @default.
• W1569111752 cites W2084944876 @default.
• W1569111752 cites W2085839111 @default.
• W1569111752 cites W2093130514 @default.
• W1569111752 cites W2098019984 @default.
• W1569111752 cites W2104179119 @default.
• W1569111752 cites W2105548540 @default.
• W1569111752 cites W2108176668 @default.
• W1569111752 cites W2109203551 @default.
• W1569111752 cites W2110889412 @default.
• W1569111752 cites W2111695375 @default.
• W1569111752 cites W2113237548 @default.
• W1569111752 cites W2115002281 @default.
• W1569111752 cites W2120984578 @default.
• W1569111752 cites W2121057544 @default.
• W1569111752 cites W2125693787 @default.
• W1569111752 cites W2128961774 @default.
• W1569111752 cites W2129136797 @default.
• W1569111752 cites W2131730994 @default.
• W1569111752 cites W2131897859 @default.
• W1569111752 cites W2132782658 @default.
• W1569111752 cites W2137041220 @default.
• W1569111752 cites W2140614071 @default.
• W1569111752 cites W2142515939 @default.
• W1569111752 cites W2144238966 @default.
• W1569111752 cites W2147202610 @default.
• W1569111752 cites W2147733013 @default.
• W1569111752 cites W2150546866 @default.
• W1569111752 cites W2151388372 @default.
• W1569111752 cites W2156198657 @default.
• W1569111752 cites W2159016751 @default.
• W1569111752 cites W2164620061 @default.
• W1569111752 cites W2168582170 @default.
• W1569111752 cites W2169594550 @default.
• W1569111752 cites W2369295637 @default.
• W1569111752 cites W25218563 @default.
• W1569111752 cites W2617342586 @default.
• W1569111752 cites W3161918289 @default.
• W1569111752 cites W48058385 @default.
• W1569111752 cites W2482363909 @default.
• W1569111752 cites W2501281452 @default.
• W1569111752 doi "https://doi.org/10.3990/1.9789036531658" @default.
• W1569111752 hasPublicationYear "2011" @default.
• W1569111752 type Work @default.
• W1569111752 sameAs 1569111752 @default.
• W1569111752 citedByCount "14" @default.
• W1569111752 countsByYear W15691117522012 @default.
• W1569111752 countsByYear W15691117522013 @default.
• W1569111752 countsByYear W15691117522014 @default.
• W1569111752 countsByYear W15691117522015 @default.
• W1569111752 crossrefType "dissertation" @default.
• W1569111752 hasAuthorship W1569111752A5015308371 @default.
• W1569111752 hasBestOaLocation W15691117521 @default.
• W1569111752 hasConcept C10138342 @default.
• W1569111752 hasConcept C112930515 @default.
• W1569111752 hasConcept C12174686 @default.
• W1569111752 hasConcept C144133560 @default.
• W1569111752 hasConcept C32896092 @default.
• W1569111752 hasConcept C38652104 @default.

• next