Problem Analysis of Traditional IT-Security Risk Assessment Methods - An Experience Report from the Insurance and Auditing Domain

Authors: Stefan Taubenberger, Jan Jürjens, Yijun Yu, Bashar Nuseibeh

DOI: 10.1007/978-3-642-21424-0_21

Keywords:

Abstract: Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, experts often find it difficult to determine IT risks reliably and with precision. In this paper, we review the determination steps of traditional approaches and report our experience using such approaches. Our experience comes from performing audits and business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of risks. We also conclude that there is a need to develop alternative approaches, and suggest a requirements-based approach without events and probabilities.

References (22)
Rex Kelly Rainer, Charles A. Snyder, Houston H. Carr. Risk analysis for information technology. Journal of Management Information Systems, vol. 8, pp. 129-147 (1991). DOI: 10.1080/07421222.1991.11517914
Steven Alter, Susan A. Sherer. A General, But Readily Adaptable Model of Information System Risk. Communications of the AIS, vol. 14, pp. 1- (2004). DOI: 10.17705/1CAIS.01401
M.S. Feather, S.L. Cornford. Relating risk and reliability predictions to design and development choices. Reliability and Maintainability Symposium, pp. 492-498 (2006). DOI: 10.1109/RAMS.2006.1677422
Raimundas Matulevičius, Nicolas Mayer, Haralambos Mouratidis, Eric Dubois, Patrick Heymans, Nicolas Genon. Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. Conference on Advanced Information Systems Engineering, pp. 541-555 (2008). DOI: 10.1007/978-3-540-69534-9_40
Antoine Frachot, Thierry Roncalli. Mixing Internal and External Data for Managing Operational Risk. Social Science Research Network (2002). DOI: 10.2139/SSRN.1032525
Mariana Gerber, Rossouw von Solms. Special Features: From Risk Analysis to Security Requirements. Computers & Security, vol. 20, pp. 577-584 (2001). DOI: 10.1016/S0167-4048(01)00706-4
Mikko T. Siponen. An analysis of the traditional IS security approaches: implications for research and practice. European Journal of Information Systems, vol. 14, pp. 303-315 (2005). DOI: 10.1057/PALGRAVE.EJIS.3000537
Sharon Halliday, Karin Badenhorst, Rossouw von Solms. A business approach to effective information technology risk analysis and management. Information Management & Computer Security, vol. 4, pp. 19-31 (1996). DOI: 10.1108/09685229610114178
Andrew Stewart. On risk: perception and direction. Computers & Security, vol. 23, pp. 362-370 (2004). DOI: 10.1016/J.COSE.2004.05.003