“…3 | Attestation techniques | Information | Unauthorized access, Information loss
scc 4 | Repudiation mechanisms | Information | Manipulation of info, Information loss
scc 5 | Isolation means | Software | System failure, Malicious code
scc 6 | Input validation strategies | Software | Malicious code, Denegation of service
scc 7 | Settings change management strategies | Software | Malicious code, Privileges escalation
scc 8 | Versions management strategies | Information | Manipulation of information, Malicious code
scc 9 | Monitoring strategies | Software | Privileges escalation, System failure, Unauthorized access, Malicious code, Denegation of service
scc 10 | Software execution schemas | Software | System failure, Malicious code
scc 11 | Session time assignment | Software | Privileges escalation, Unauthorized access, Malicious code
scc 12 | Resource exposure | Information | Unauthorized access, Eavesdropping
scc 13 | Alert mechanisms | Software, Information | Unauthorized access, Eavesdropping, Manipulation of information, Information loss, Denegation of service, Malicious code, Privileges escalation, System failure
scc 14 | User advertising strategies | Software, Information | Manipulation of Information, Information loss, Unauthorized access
scc 15 | Routing mechanisms | Information | Eavesdropping, Denegation of service
scc 16 | Backup strategies | Information | Manipulation of information, Information loss, Denegation of service

In order to evaluate the previously proposed method in a real scenario, we have defined a situation in a regular enterprise holding many information assets whose access is handled using access control systems. This scenario is composed of a risk analysis module, a resource store, a counter-measures module and an access control policies engine, as represented in Fig.…”