Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain

Abstract : Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events and probabilities.
Type de document :
Communication dans un congrès
Jan Camenisch; Simone Fischer-Hübner; Yuko Murayama; Armand Portmann; Carlos Rieder. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. Springer, IFIP Advances in Information and Communication Technology, AICT-354, pp.259-270, 2011, Future Challenges in Security and Privacy for Academia and Industry. 〈10.1007/978-3-642-21424-0_21〉
Liste complète des métadonnées

Littérature citée [31 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01567605
Contributeur : Hal Ifip <>
Soumis le : lundi 24 juillet 2017 - 10:40:24
Dernière modification le : lundi 24 juillet 2017 - 10:42:14

Fichier

978-3-642-21424-0_21_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Stefan Taubenberger, Jan Jürjens, Yijun Yu, Bashar Nuseibeh. Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain. Jan Camenisch; Simone Fischer-Hübner; Yuko Murayama; Armand Portmann; Carlos Rieder. 26th International Information Security Conference (SEC), Jun 2011, Lucerne, Switzerland. Springer, IFIP Advances in Information and Communication Technology, AICT-354, pp.259-270, 2011, Future Challenges in Security and Privacy for Academia and Industry. 〈10.1007/978-3-642-21424-0_21〉. 〈hal-01567605〉

Partager

Métriques

Consultations de la notice

39

Téléchargements de fichiers

11