Using assurance models to aid the risk and governance life cycle
BT Technology Journal
A risk-driven security analysis method and modelling language
BT Technology Journal
| Hi-index | 0.00 |
BT and HP research labs have been studying the use of modelling as a way to make managing the security of complex ICT systems tractable. From among the wide range of security management problems, this paper focuses on assurance, i.e. demonstrating that risks are appropriately managed. Recent regulations such as Sarbanes-Oxley make effective levels of assurance mandatory, so the subject is highly topical. This paper describes some of the results from the BT and HP research programmes in the context of ICT services. The approaches are highly complementary and potential benefits accrue from applying them in combination. The paper ends with a discussion of the challenges of assurance in collaborative business contexts and how the modelling techniques can be extended to address them.