Authors: Ayse Morali, E. Zambon, S. Etalle, Paul L. O. Re
Venue: 2008 3rd IEEE/IFIP International Workshop on Business-driven IT Management
Publication date: 2008-01-25
Publication type: Journal Article
DOI: 10.1109/BDIM.2008.4540072 (https://doi.org/10.1109/BDIM.2008.4540072)
Citation count: 9
Source platform: Semanticscholar
IT confidentiality risk assessment for an architecture-based approach
Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a means to bridge the technical and business-oriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business.