Back to University of Twente portal
IT Confidentiality Risk Assessment for an Architecture-Based Approach
Morali, Ayse and Zambon, Emmanuele and Etalle, Sandro and Overbeek, Paul (2008) IT Confidentiality Risk Assessment for an Architecture-Based Approach. In: Third IEEE International Workshop on Business-Driven IT Management, 07 Apr 2008, Salvador, Brazil.
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png) | PDF Restricted to UT campus only: Request a copy 647Kb |
| Abstract: | Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is based on a model integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact of confidentiality incidents. Furthermore, our approach is a mean to bridge the technical and businessoriented views of information systems, since the importance of information assets, which is leading the technical decisions, is set by the business. |
| Item Type: | Conference or Workshop Item |
| Copyright: | © 2008 IEEE |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/62209 |
| Official URL: | http://dx.doi.org/10.1109/BDIM.2008.4540072 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page
Metis ID: 250901