Risk-based assessment of the surety of information systems

Correct operation of an information system requires a balance of ``surety`` domains -- access control (confidentiality), integrity, utility, availability, and safety. However, traditional approaches provide little help on how to systematically analyze and balance the combined impact of surety requirements on a system. The key to achieving information system surety is identifying, prioritizing, and mitigating the sources of risk that may lead to system failure. Consequently, the authors propose a risk assessment methodology that provides a framework to guide the analyst in identifying and prioritizing sources of risk and selecting mitigation techniques. The framework leads the analyst to develop a risk-based system model for balancing the surety requirements and quantifying the effectiveness and combined impact of the mitigation techniques. Such a model allows the information system designer to make informed trade-offs based on the most effective risk-reduction measures.

MoreLess

Year of publication:	2009-11-04
Authors:	Jansma, R. ; Fletcher, S. ; Halbgewachs, R. ; Lim, J. ; Murphy, M. ; Sands, P. ; Wyss, G.
Subject:	mathematics, computers, information science, management, law, miscellaneous \| INFORMATION SYSTEMS \| SECURITY \| AVAILABILITY \| QUALITY ASSURANCE \| MEDICAL ESTABLISHMENTS \| ENTRY CONTROL SYSTEMS \| HEALTH SERVICES

freely available

Open website |

More access options

I need help

More details

Type of publication:	Other
Source:	BASE

Persistent link: https://www.econbiz.de/10009435476