Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain - Archive ouverte HAL Access content directly
Conference Papers Year : 2011

Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain

(1) , (2) , (3) , (4, 3)
1
2
3
4
Stefan Taubenberger
  • Function : Author
  • PersonId : 1013413
Yijun Yu
  • Function : Author
  • PersonId : 1013414

Abstract

Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events and probabilities.
Fichier principal
Vignette du fichier
978-3-642-21424-0_21_Chapter.pdf (555.23 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01567605 , version 1 (24-07-2017)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Stefan Taubenberger, Jan Jürjens, Yijun Yu, Bashar Nuseibeh. Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. pp.259-270, ⟨10.1007/978-3-642-21424-0_21⟩. ⟨hal-01567605⟩
218 View
467 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More