IT architecture-based confidentiality risk assessment in networks of organizations

Today almost every organization benefits from business opportunities created by digitalization. Digitalization makes it possible, among other things, to develop software products on shared platforms, to remotely access and alter patient records, or to remotely control power generators. This change in the technical environment has triggered changes in the legal environment and introduced new compliance requirements. Consequently, protecting the confidentiality of digital information assets has become a major concern for many organizations. This concern is even greater for organizations that connect their IT systems with those of other organizations to reduce costs. Risk assessment methodologies provide stakeholders with sound knowledge of the security risks that threaten the business. A risk assessment method should satisfy three conflicting requirements: accuracy, cost-efficiency, and inter-subjectivity. These three requirements form the dilemma of confidentiality risk assessment methods. Accuracy concerns the level of granularity that a method allows when assessing risk. Cost-efficiency is the crucial practical limitation of all risk assessment methods: in practice, even risk assessments of large and information-intensive company sections rarely last longer than two weeks. The third requirement we look at in this dissertation is inter-subjectivity. Nowadays, despite the widespread use of standardized methods, the result of a risk assessment is largely subjective, in the sense that other assessors may assess the same risks differently. This lack of inter-subjectivity means that risk assessments are difficult to replicate and that risk assessment results are not comparable.
