Using the Conflicting Incentives Risk Analysis Method

Abstract : Risk is usually expressed as a combination of likelihood and consequence but obtaining credible likelihood estimates is difficult. The Conflicting Incentives Risk Analysis (CIRA) method uses an alternative notion of risk. In CIRA, risk is modeled in terms of conflicting incentives between the risk owner and other stakeholders in regards to the execution of actions. However, very little has been published regarding how CIRA performs in non-trivial settings. This paper addresses this issue by applying CIRA to an Identity Management System (IdMS) similar to the eGovernment IdMS of Norway. To reduce sensitivity and confidentiality issues the study uses the Case Study Role Play (CSRP) method. In CSRP, data is collected from the individuals playing the role of fictitious characters rather than from an operational setting. The study highlights several risk issues and has helped in identifying areas where CIRA can be improved.
Document type :
Conference papers
Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.315-329, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_24〉
Liste complète des métadonnées

Cited literature [16 references]  Display  Hide  Download

https://hal.inria.fr/hal-01463835
Contributor : Hal Ifip <>
Submitted on : Thursday, February 9, 2017 - 5:24:07 PM
Last modification on : Thursday, February 9, 2017 - 5:37:19 PM
Document(s) archivé(s) le : Wednesday, May 10, 2017 - 2:49:20 PM

File

978-3-642-39218-4_24_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Lisa Rajbhandari, Einar Snekkenes. Using the Conflicting Incentives Risk Analysis Method. Lech J. Janczewski; Henry B. Wolfe; Sujeet Shenoi. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. Springer, IFIP Advances in Information and Communication Technology, AICT-405, pp.315-329, 2013, Security and Privacy Protection in Information Processing Systems. 〈10.1007/978-3-642-39218-4_24〉. 〈hal-01463835〉

Share

Metrics

Record views

87

Document downloads

16