IT architecture-based confidentiality risk assessment in networks of organizations
Morali, Ayse (2011) IT architecture-based confidentiality risk assessment in networks of organizations. thesis.
| Abstract: | Today almost every organization benefits from business opportunities created by digitalization. Digitalization allows, among others, to develop software products on shared platforms, to remotely access and alter patient records or remotely control power generators. This change in the technical environment has triggered changes in the legal environment, and introduced new compliance requirements. Consequently, protecting the confidentiality of digital information assets has become a major concern for many organizations. This concern is even bigger for organizations that connect their IT system with other organizations to reduce costs. Risk assessment methodologies provide stakeholders with sound knowledge on security risks that threaten the business. A risk assessment method should satisfy three conflicting requirements: accuracy, cost-efficiency, and inter-subjectivity. These three requirements form the dilemma of confidentiality risk assessment methods. Accuracy has to do with the level of granularity that a method allows when assessing the risk. Cost-efficiency is the crucial real limitation of all risk assessment methods. In practice, even risk assessments of large and information-intensive company sections rarely last longer than two weeks. The third requirement we look at in this dissertation is intersubjectivity. Nowadays, despite the large use of standardized methods, the very result of a risk assessment is largely subjective, in the sense that other assessors may assess risks differently. This lack of inter-subjectivity means that risk assessments are difficult to replicate and risk assessment results are not comparable. |
| Item Type: | Thesis |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Link to this item: | http://purl.utwente.nl/publications/76717 |
| Official URL: | http://dx.doi.org/10.3990/1.9789036531658 |