Using Value Models for Business Risk Analysis in e-Service Networks

Abstract : Commercially provided electronic services commonly operate on top of a complex, highly-interconnected infrastructure, which provides a multitude of entry points for attackers. Providers of e-services also operate in dynamic, highly competitive markets, which provides fertile ground for fraud. Before a business idea to provide commercial e-services is implemented in practice, it should therefore be analysed on its fraud potential.This analysis is a risk assessment process, in which risks are ordered on severity and the unacceptable ones are mitigated. Mitigations may consist of changes in the e-service network to reduce the attractiveness of fraud for the fraudster, or changes in coordination process steps or IT architecture elements to make fraud harder or better detectable.We propose to use e3value business value models for the identification and quantification of risks associated with e-service packages. This allows for impact estimation as well as understanding the attacker’s business cases. We show how the e3value ontology — with minimal extensions – can be used to analyse known telecommunication fraud scenarios. We also show how the approach can be used to quantify infrastructure risks. Based on the results, as well as feedback from practitioners, we discuss the scope and limits of generalizability of our approach.
Type de document :
Communication dans un congrès
Jolita Ralyté; Sergio España; Óscar Pastor. 8th Practice of Enterprise Modelling (P0EM), Nov 2015, Valencia, Spain. Springer, Lecture Notes in Business Information Processing, LNBIP-235, pp.239-253, 2015, The Practice of Enterprise Modeling. 〈10.1007/978-3-319-25897-3_16〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01442255
Contributeur : Hal Ifip <>
Soumis le : vendredi 20 janvier 2017 - 15:07:07
Dernière modification le : samedi 18 novembre 2017 - 18:16:02
Document(s) archivé(s) le : vendredi 21 avril 2017 - 15:13:46

Fichier

978-3-319-25897-3_16_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Dan Ionita, Roel Wieringa, Lars Wolos, Jaap Gordijn, Wolter Pieters. Using Value Models for Business Risk Analysis in e-Service Networks. Jolita Ralyté; Sergio España; Óscar Pastor. 8th Practice of Enterprise Modelling (P0EM), Nov 2015, Valencia, Spain. Springer, Lecture Notes in Business Information Processing, LNBIP-235, pp.239-253, 2015, The Practice of Enterprise Modeling. 〈10.1007/978-3-319-25897-3_16〉. 〈hal-01442255〉

Partager

Métriques

Consultations de la notice

36