Abstract
The chapter presents the risk management approach applied in the EC FP7 ValueSec project. The process of selecting security measures rests on three pillars: Risk Reduction Assessment (RRA), Cost-Benefit Analysis (CBA) and Qualitative Criteria Assessment (QCA). The ValueSec tool set developed in the project should be equipped with components corresponding to these pillars. The chapter gives an overview of the project's research on elaborating the decision model and on selecting existing methods to be implemented, or existing tools to be integrated, in the ValueSec framework. Risk management is a broad issue, especially in the five contexts assumed in the project. For this reason, more specialized components are allowed for the RRA pillar. The project is currently moving into the implementation and use case experimentation phase. The chapter shows the general architecture as currently implemented and an example of the RRA component.
Copyright information
© 2013 Springer International Publishing Switzerland
About this paper
Cite this paper
Białas, A. (2013). Risk Assessment Aspects in Mastering the Value Function of Security Measures. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) New Results in Dependability and Computer Systems. Advances in Intelligent Systems and Computing, vol 224. Springer, Heidelberg. https://doi.org/10.1007/978-3-319-00945-2_3
DOI: https://doi.org/10.1007/978-3-319-00945-2_3
Publisher Name: Springer, Heidelberg
Print ISBN: 978-3-319-00944-5
Online ISBN: 978-3-319-00945-2
eBook Packages: Chemistry and Materials Science, Chemistry and Material Science (R0)