Risk analysis is one of the major phases of information security. In a modern framework of qualitative risk analysis, each information asset, threat and vulnerability is commonly given one of a small number of grades, and the risk assessment of the information is based on those grades. In this paper, we first propose reusing the results of risk assessment for access control among servers; by reusing the results, the cost of risk assessment can be recovered through access control. Secondly, we propose a hybrid of conventional risk assessment and detailed analysis for assigning levels of assurance (LoAs). Starting from a conventional qualitative system with a small number of grades, we adapt it so that a small investment in partially adopting detailed risk analysis yields a reward. This adjustment is represented as epsilons. We propose the epsilon system and present our case of OTP (one-time password) authentication, where this adjustment is effective in assessing an authentication mechanism. Our experience shows that the adjustment can be implemented by making a local comparison with a reference model.