Evaluating Confidentiality Impact in Security Risk Scoring Models
Author
Abstract
Risk scoring models assume that confidentiality evaluation is based on user estimations. Confidentiality evaluation incorporates the impacts of various factors, including systems' technical configuration, on the processes relating to users' confidentiality. The assumption underlying this research is that system users are not capable of estimating systems' confidentiality since they lack knowledge of the technical structure. According to the proposed model, systems' confidentiality is calculated using technical information about systems' components. The proposed model evaluates confidentiality based on quantitative metrics rather than the qualitative estimates currently in use. The framework's presentation includes system design, an algorithm for calculating confidentiality measures and an illustration of risk scoring computations.
Keywords: information security; risk management; continuous monitoring; vulnerability; confidentiality; risk assessment; access control; authorization system
Similar resources
A Socio-Technical Approach to Cyber Risk Management and Impact Assessment
Technology is increasingly being used by organisations to mediate social/business relationships and social/business transactions. While traditional models of impact assessment have focused on the loss of confidentiality, integrity and availability, we propose a new model based upon socio-technical systems thinking that places the people and the technology within an organisation’s business/funct...
CAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
Security, confidentiality, and privacy of information in the field of health with data EPR embedding in medical MRI images based on HVS model
The development of new technology and modern equipment has led to the development of telemedicine systems. As a result, there are dangers such as publishing patient information and, intentionally or unintentionally, medical information. The forensic organization, as one of the powerful arms of the judiciary, pursues important cases in the medical and psychiatric commissions to take steps to rea...
Analysis of Information Security Problem by Probabilistic Risk Assessment
Information security risk assessment is investigated from the perspective of the most advanced probabilistic risk assessment (PRA) for nuclear power plants. Accident scenario enumeration by initiating events, mitigation systems and event trees are first described and demonstrated. Assets, confidentiality, integrity, availability, threats, vulnerabilities, impacts, likelihoods, and safeguards are r...
Classification of Security Threats in Information Systems
Information systems are frequently exposed to various types of threats which can cause different types of damage that might lead to significant financial losses. Information security damage can range from small losses to entire information system destruction. The effects of various threats vary considerably: some affect the confidentiality or integrity of data while others affect the availabi...