• DocumentCode
    3639769
  • Title

    CRAC: Confidentiality risk assessment and IT-infrastructure comparison

  • Author

    Ayşe Moralı;Emmanuele Zambon;Sandro Etalle;Roel Wieringa

  • Author_Institution
    University of Twente, the Netherlands
  • fYear
    2010
  • Firstpage
    322
  • Lastpage
    325
  • Abstract
    CRAC is an IT-infrastructure-based method for assessing and comparing confidentiality risks of distributed IT systems. The method determines confidentiality risks by taking into account the effects of the leakage of confidential information (e.g. industrial secrets), and the paths that may be followed by different attackers (e.g. insider and outsider). We evaluate its effectiveness by applying it to a real-world outsourcing case.
  • Keywords
    "Risk management","Outsourcing","Organizations","Information security","ISO standards"
  • Publisher
    ieee
  • Conference_Titel
    Network and Service Management (CNSM), 2010 International Conference on
  • Print_ISBN
    978-1-4244-8910-7
  • Type

    conf

  • DOI
    10.1109/CNSM.2010.5691222
  • Filename
    5691222
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3639769