The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
DEXA '03 Proceedings of the 14th International Workshop on Database and Expert Systems Applications
International Journal of Information Security - Special issue on SC 2003
Using assurance models to aid the risk and governance life cycle
BT Technology Journal
Model-based security analysis in seven steps --- a guided tour to the CORAS method
BT Technology Journal
Benefits of federated identity management: a survey from an integrated operations viewpoint
ARES'11 Proceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems
| Hi-index | 0.00 |
Federated identity management is an emerging paradigm that is rightly getting a lot of standardization and research attention. One aspect that is not receiving enough attention is assurance. Given the challenges enterprises faced trying to demonstrate appropriate control of their internal and monolithic identity management systems, the problem of how to provide assurance to multiple stakeholders that controls, operations and technologies that cut across organisational boundaries, are appropriately mitigating risk, looks daunting. The paper provides an exposition of the assurance process, how it applies to identity management and particularly to federated identity management. Our contribution is to show technology can be used to overcome many of trust, transparency and information reconciliation problems. Specifically we show how declarative assurance models can orchestrate and automate much of the assurance work, how certain enforcement technologies can radically improve identity assurance, and how an assurance framework can provide a basis for judging the assurance value of security technologies.