Companies are increasingly engaging in complex inter-organisational networks of business and trading partners, service providers and managed security providers to run their operations. It is therefore now common to outsource critical business processes and to move IT resources entirely into the custody of third parties. Such extended enterprises create individuals who are neither completely insiders nor completely outsiders of a company, requiring new solutions to mitigate the security threat they pose. This paper improves the method introduced in Franqueira et al. 2012 for the analysis of such threats, so that it supports the negotiation of security agreements in B2B contracts. The method, illustrated via a manufacturer-retailer example, has three main ingredients: modelling to scope the analysis and to identify external insider roles; an access matrix to derive need-to-know requirements; and reverse-engineering of security best practices to analyse external insider roles from both the pose-threat and the enforce-security perspective. The paper also proposes future research directions to overcome the challenges identified.