CIRA Perspective on Risks Within UnRizkNow — A Case Study

Agrawal, Vivek; Szekeres, Ádám

doi:10.1109/cscloud.2017.14

Cited by 2 publications

(2 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our future work will consist of conducting a risk analysis of the benchmarking system. We will adopt CIRA method (Agrawal and Szekeres, 2017) to conduct the risk analysis exercise. The aim of this exercise will be to assess the conflict in the interest of the stakeholders involved in the benchmarking system and propose the treatment plan to reduce the conflict.…”

Section: Limitation and Future Workmentioning

confidence: 99%

“…We are establishing 'UnRizkNow' , , (Agrawal and Szekeres, 2017) as an open electronic community of practice (eCoP) (Mathwick et al, 2008), (Wiertz and de Ruyter, 2007) to allow information security practitioners (ISP) to share InfoSec knowledge without violating the information security requirements. We are working towards providing a secure benchmarking service on UnRizkNow eCoP.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Secure Benchmarking using Electronic Voting

Agrawal

Snekkenes

2018

Proceedings of the 15th International Joint Conference on E-Business and Telecommunications

Self Cite

View full text Add to dashboard Cite

It is a common practice in the industry to organize benchmark processes to establish information security performance evaluation standards. A benchmarking system collects information security-related data from the organization to establish a standard. The information shared by the organization often contains sensitive data (details of the vulnerability, Cyber attacks). The present benchmarking systems do not provide a secure way of exchanging sensitive information between the submitter and the benchmark authority. Furthermore, there is a lack of any mechanism for the submitters to verify that the final benchmark result contains the response submitted by them. Hence, people are reluctant to take active participation in sharing their sensitive information in the benchmarking process. We propose a novel approach to solve the security limitations of present benchmarking systems by applying the concepts of electronic voting to benchmark. Our solution provides secrecy to submitters' identity and to the benchmark responses. Our approach also ensures that all the submitted responses have been correctly counted and considered in the final benchmark result.

show abstract

Section: Limitation and Future Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%