Skip to Main content Skip to Navigation
Conference papers

Using the Conflicting Incentives Risk Analysis Method

Abstract : Risk is usually expressed as a combination of likelihood and consequence but obtaining credible likelihood estimates is difficult. The Conflicting Incentives Risk Analysis (CIRA) method uses an alternative notion of risk. In CIRA, risk is modeled in terms of conflicting incentives between the risk owner and other stakeholders in regards to the execution of actions. However, very little has been published regarding how CIRA performs in non-trivial settings. This paper addresses this issue by applying CIRA to an Identity Management System (IdMS) similar to the eGovernment IdMS of Norway. To reduce sensitivity and confidentiality issues the study uses the Case Study Role Play (CSRP) method. In CSRP, data is collected from the individuals playing the role of fictitious characters rather than from an operational setting. The study highlights several risk issues and has helped in identifying areas where CIRA can be improved.
Document type :
Conference papers
Complete list of metadata

Cited literature [16 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, February 9, 2017 - 5:24:07 PM
Last modification on : Tuesday, February 23, 2021 - 7:24:06 PM
Long-term archiving on: : Wednesday, May 10, 2017 - 2:49:20 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Lisa Rajbhandari, Einar Snekkenes. Using the Conflicting Incentives Risk Analysis Method. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. pp.315-329, ⟨10.1007/978-3-642-39218-4_24⟩. ⟨hal-01463835⟩



Record views


Files downloads