Design and validation of a trust-based opportunity-enabled risk management system. (13th March 2017)
- Record Type:
- Journal Article
- Title:
- Design and validation of a trust-based opportunity-enabled risk management system. (13th March 2017)
- Main Title:
- Design and validation of a trust-based opportunity-enabled risk management system
- Authors:
- Aldini, Alessandro
Seigneur, Jean-Marc
Ballester Lafuente, Carlos
Titi, Xavier
Guislain, Jonathan
- Abstract:
- Purpose: The Bring-Your-Own-Device (BYOD) paradigm favors the use of personal and public devices and communication means in corporate environments, thus representing a challenge for the traditional security and risk management systems. In this dynamic and heterogeneous setting, the purpose of this paper is to present a methodology called opportunity-enabled risk management (OPPRIM), which supports the decision-making process in access control to remote corporate assets.
Design/methodology/approach: OPPRIM relies on a logic-based risk policy model combining estimations of trust, threats and opportunities. Moreover, it is based on a mobile client-server architecture, where the OPPRIM application running on the user device interacts with the company IT security server to manage every access request to corporate assets.
Findings: As a mandatory requirement in the highly flexible BYOD setting, in the OPPRIM approach, mobile device security risks are identified automatically and dynamically depending on the specific environment in which the access request is issued and on the previous history of events.
Originality/value: The main novelty of the OPPRIM approach is the combined treatment of threats (resp., opportunities) and costs (resp., benefits) in a trust-based setting. The OPPRIM system is validated with respect to an economic perspective: cost-benefit sensitivity analysis is conducted through formal methods using the PRISM model checker and through agent-based simulations using the Anylogic framework.
- Is Part Of:
- Information and computer security. Volume 25:Number 1(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 1(2017)
- Issue Display:
- Volume 25, Issue 1 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 1
- Issue Sort Value:
- 2017-0025-0001-0000
- Page Start:
- 2
- Page End:
- 25
- Publication Date:
- 2017-03-13
- Subjects:
- Model checking -- Risk management -- Formal methods -- BYOD -- Opportunity-based decision-making -- Trust system
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-05-2016-0037
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 2069.xml