How to Assess Confidentiality Requirements of Corporate Assets?

Abstract : Confidentiality is an important property that organizations relying on information technology have to preserve. The purpose of this work is to provide a structured approach for identifying confidentiality requirements. A key step in the information security risk management process is the determination of the impact level arisen from a loss of confidentiality, integrity or availability. We deal here with impact level determination regarding confidentiality by proposing a method to calculate impact levels based on the different kind of consequences typically arisen from threats. The proposed approach assesses the impact arisen from confidentiality losses on different areas separately and uses a parameterized model that allows organizations to adjust it according to their specific needs. A validation of the developed approach has been conducted in a small software development company.
Type de document :
Communication dans un congrès
Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.234-241, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_19〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01370369
Contributeur : Hal Ifip <>
Soumis le : jeudi 22 septembre 2016 - 14:25:30
Dernière modification le : jeudi 22 septembre 2016 - 15:12:03

Fichier

978-3-642-55415-5_19_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Gabriela Cervantes, Stefan Fenz. How to Assess Confidentiality Requirements of Corporate Assets?. Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.234-241, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_19〉. 〈hal-01370369〉

Partager

Métriques

Consultations de la notice

32

Téléchargements de fichiers

17