Published by Ronald Hardy. Modified over 9 years ago.
Slide 1: CRAC++: Risk-Based Confidentiality Requirements Specification for Outsourced IT Systems
Slide 2: Content
  Authors
  Origins
  Method positioning
  Related literature
  Purpose and main steps
  Process-Deliverable Diagram
  Method illustration
  Questions
Slide 3: Authors
  Ayse Morali
    PhD student at University of Twente
    CRAC++ is part of her PhD dissertation
  Roel Wieringa
    Information Systems Group, University of Twente
    Head of Computer Science Department, University of Twente
Slide 4: Origins
  Regulations require companies to have control over the security of IT assets.
  Companies outsource IT systems; as a result, confidential data is present in two different systems.
  There is no practical method to specify confidentiality requirements in SLAs.
  Based on CRAC (Morali & Wieringa, 2009).
Slide 5: Method positioning
Slide 6: Related literature
  Insurance Contracts (IC) define security requirements based on past incidents (Gritzalis et al., 2007).
  Determine adequate security requirements as constraints on functional requirements (Haley et al., 2008).
  Common Criteria tool for comparing two sets of requirements (ISO 15408, 2007).
Slide 7: Purpose and main steps
  Purpose: assessing and comparing the confidentiality risks of two alternative networked IT architectures.
  Step 0: Elicit input data
  Step 1: Assess the total impact of disclosure per component
  Step 2: Assess the protection level per component
  Step 3: Determine candidate confidentiality requirements
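The slide names the four steps but not the scoring rules behind them. The following is an added illustration, not code from the CRAC++ authors or from the deck: it models an architecture as a set of components that hold data items, assumes (as a stand-in for the method's own rules) that a component's total disclosure impact is the sum of the impacts of the data items it holds and that a candidate confidentiality requirement arises wherever that total exceeds the component's protection level, and then compares an in-house and an outsourced variant of the same system. All scales, component names and numbers are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataItem:
    """A confidential data item and the business impact if it is disclosed.
    The 1..5 ordinal impact scale is an assumption of this example."""
    name: str
    disclosure_impact: int


@dataclass(frozen=True)
class Component:
    """A networked IT component, who operates it, what it holds and how well it is protected.
    protection_level is an ordinal score on the same scale as summed impact (assumed)."""
    name: str
    operator: str                 # "client" or "provider" (labels assumed for the example)
    data: tuple[DataItem, ...]
    protection_level: int


def total_impact(component: Component) -> int:
    """Step 1 (assumed rule): total disclosure impact of a component is the sum of the
    impacts of every data item present on it."""
    return sum(item.disclosure_impact for item in component.data)


def risk_gap(component: Component) -> int:
    """Step 2 (assumed rule): how far the protection level falls short of the total impact.
    A non-positive gap means the component is considered adequately protected."""
    return total_impact(component) - component.protection_level


def candidate_requirements(architecture: tuple[Component, ...]) -> list[tuple[str, str, int]]:
    """Step 3 (assumed rule): every component whose gap is positive yields a candidate
    confidentiality requirement: (component, operator, required protection level)."""
    return [
        (c.name, c.operator, total_impact(c))
        for c in architecture
        if risk_gap(c) > 0
    ]


def architecture_risk(architecture: tuple[Component, ...]) -> int:
    """Aggregate residual risk of an architecture: the sum of positive gaps (assumed)."""
    return sum(max(risk_gap(c), 0) for c in architecture)


def compare(a: tuple[Component, ...], b: tuple[Component, ...]) -> dict:
    """Purpose of the method: put two alternative architectures side by side."""
    ra, rb = architecture_risk(a), architecture_risk(b)
    return {
        "risk_a": ra,
        "risk_b": rb,
        "lower_risk": "a" if ra <= rb else "b",
        "requirements_a": candidate_requirements(a),
        "requirements_b": candidate_requirements(b),
    }


# Constructed sample data for the example (Step 0, elicited input data).
PII = DataItem("customer_pii", 4)
PRICING = DataItem("pricing_rules", 2)
PAYROLL = DataItem("payroll_records", 5)

IN_HOUSE = (
    Component("app_server", "client", (PII, PRICING), protection_level=6),
    Component("database", "client", (PII, PAYROLL), protection_level=7),
)

# Outsourcing moves the components to the provider and adds a provider-run backup site
# that also holds the data, so confidential data now lives in two organisations.
OUTSOURCED = (
    Component("app_server", "provider", (PII, PRICING), protection_level=4),
    Component("database", "provider", (PII, PAYROLL), protection_level=7),
    Component("backup_site", "provider", (PII, PAYROLL), protection_level=5),
)

if __name__ == "__main__":
    result = compare(IN_HOUSE, OUTSOURCED)
    print("residual risk in-house:", result["risk_a"])
    print("residual risk outsourced:", result["risk_b"])
    for name, operator, level in result["requirements_b"]:
        print(f"SLA candidate: {operator} must protect {name} to level >= {level}")
```

The candidate requirements for the outsourced variant are the ones a client would carry into the SLA: each names a provider-operated component and the protection level the data it holds calls for, which is the gap the slide's Step 3 is meant to close.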
Slide 8: PDD (Process-Deliverable Diagram)
Slide 9: PDD (Process-Deliverable Diagram), continued
Slide 10: Method illustration
Slide 11: Questions