Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

An asset to security modeling? Analyzing stakeholder collaborations instead of threats to assets

: Poller, Andreas; Türpe, Sven; Kinder-Kurlanda, Katharina


Association for Computing Machinery -ACM-:
New Security Paradigms Workshop, NSPW 2014. Proceedings : Victoria, British Columbia, Canada, September 15-18, 2014
New York: ACM, 2014
ISBN: 978-1-4503-3062-6
New Security Paradigms Workshop (NSPW) <2014, Victoria>
Bundesministerium für Bildung und Forschung BMBF
Conference Paper
Fraunhofer SIT ()
security; human factors; assets; collaboration networks; harm analysis; requirements elicitation; risk assessment; security engineering; threat modeling

Risk assessment in information security traditionally analyzes threats to assets. An asset is a persistent item or property of value and has an owner. Attacks damage assets; security controls prevent attacks to preserve their value. Expected attack loss is calculated from the value of the attacked assets. This common analytic approach works satisfyingly if an IT system runs in an enclosed environment within an organization. Nowadays, IT systems are accessed and used across organizational boundaries by a multitude of independent stakeholders employing them for their own interests and with particular expectations regarding their trustworthiness. The asset paradigm cannot support estimating consequences of security incidents that may harm these complex stakeholder collaborations. We propose t o model the stakeholder collaboration networks and to analyze scenarios of how security incidents affect relationships between stakeholders. Collaboration continuously creates value for all participants. Security incidents change the behavior of stakeholders and their willingness to collaborate, but in complicated ways. Transmission factors characterizing a relationship help us to assess the impact of incidents. We apply the conventional method and our new approach to a case study and compare the results.