Referenzmodell für ein Vorgehen bei der IT-Sicherheitsanalyse

Abstract: Es wird ein Referenzmodell ontologisch sinnvoll organisierter Begriffe der IT-Sicherheit vorgestellt und gezeigt, wie dieses eine Begründung zur systematischen Durchführung von IT-Sicherheitsanalysen liefert. Das Referenzmodell besteht aus vier Ebenen: erstens die vorhandene Welt aus Gütern und Interessenkonflikten mit den bestehenden Systemen und ihren Schwachstellen; zweitens das Potenzial aus Bedrohungen und Sicherheitsanforderungen; drittens das planvolle Vorgehen mit Sicherheitsmaßnahmen zum Schutz von Ge… Show more

“…Requirements represent the desirable system properties. Threats exploit vulnerabilities of (IT) systems and violate these requirements and which need to be defended by effective security measures (Grimm et al, 2014).…”

“…In order to defend these threats and to minimize their risk an effective protection enforcement has to be implemented. While the first pillar is directly derived from the entanglement of privacy and communication, the last three pillars are well-established categorizations in IT security analysis (Grimm et al, 2014).…”

“…The general analysis process is described in (Grimm et al, 2014) and includes that all threats have to be identified and quantified by their risk. Threats originate from conflicting interests between actors, and they manifest when weaknesses of the IT system and their embedding organization are exploited.…”

Linking loose ends: An interdisciplinary privacy and communication model

“…Requirements represent the desirable system properties. Threats exploit vulnerabilities of (IT) systems and violate these requirements and which need to be defended by effective security measures (Grimm et al, 2014).…”

“…In order to defend these threats and to minimize their risk an effective protection enforcement has to be implemented. While the first pillar is directly derived from the entanglement of privacy and communication, the last three pillars are well-established categorizations in IT security analysis (Grimm et al, 2014).…”

“…The general analysis process is described in (Grimm et al, 2014) and includes that all threats have to be identified and quantified by their risk. Threats originate from conflicting interests between actors, and they manifest when weaknesses of the IT system and their embedding organization are exploited.…”

Linking loose ends: An interdisciplinary privacy and communication model

Extension of a didactic media competence model by privacy risk