Franqueira, Virginia Nunes Leal, van Cleeff, Andre, van Eck, Pascal and Wieringa, Roel J. (2013) Engineering Security Agreements Against External Insider Threat. Information Resources Management Journal, 26 (4). pp. 66-91.
Full text not available from this repository.
Official URL: http://www.igi-global.com/article/engineering-secu...
Companies are increasingly engaging in complex inter-organisational networks of business and trading partners,
service and managed security providers to run their operations. Therefore, it is now common to outsource
critical business processes and to completely move IT resources to the custody of third parties. Such extended
enterprises create individuals who are neither completely insiders nor outsiders of a company, requiring new solutions to mitigate the security threat they cause. This paper improves the method introduced in Franqueira
et al. (2012) for the analysis of such threat to support negotiation of security agreements in B2B contracts.
The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope
the analysis and to identify external insider roles, access matrix to obtain need-to-know requirements, and
reverse-engineering of security best practices to analyse both pose-threat and enforce-security perspectives of
external insider roles. The paper also proposes future research directions to overcome challenges identified.
|Uncontrolled Keywords (separate with ;):||Business Network; Conceptual Modelling; Extended Enterprise; Inter-Organisational Network; Security Analysis; Security Management; Service Level Agreement|
|Subjects:||Computer science > Computer architectures & operating systems|
|Schools:||Faculty of Science and Technology > School of Physical Sciences and Computing|
|Deposited By:||Virginia Nunes Leal Franqueira|
|Deposited On:||12 Feb 2014 09:26|
|Last Modified:||09 Aug 2016 15:41|
Downloads per month over past year
Downloads for past 30 days
Repository Staff Only: item control page