IT design criteria for damage reduction

Author

Hammer, Volker

Author_Institution

Secorvo Security Consulting GmbH, Karlsruhe, Germany

fYear

2003

fDate

24-24 March 2003

Firstpage

49

Lastpage

59

Abstract

In order to obtain security from the perspective of a social system, not only the damage probability but also the maximum possible damage must be reduced. Analysing social risk assessment shows us that the latter issue needs more attention. Moreover, autonomous decisions about risk as well as experience gathering are relevant factors of social risk assessment. IT systems therefore need to include appropriate features in order to comply with these factors. The paper explains how these features can be identified using requirements analysis, starting from the social goals. Ten highly reusable socio-technical criteria can be derived from social goals during this process. Complying features especially support responses of the social system in case of a technical system disturbance.

Keywords

security of data; social aspects of automation; systems analysis; IT design criteria; IT security; IT systems; autonomous decisions; damage probability; damage reduction; experience gathering; information assurance; maximum possible damage; requirements analysis; reusable socio-technical criteria; social goals; social risk assessment; technical system disturbance; Access control; Design engineering; Information analysis; Information security; Risk analysis; Risk management; System analysis and design; Systems engineering and theory; Usability;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance, 2003. IWIAS 2003. Proceedings. First IEEE International Workshop on

Conference_Location

Darmstadt, Germany

Print_ISBN

0-7695-1886-9

Type

conf

DOI

10.1109/IWIAS.2003.1192458

Filename

1192458