Author:
Aldini Alessandro, Seigneur Jean-Marc, Ballester Lafuente Carlos, Titi Xavier, Guislain Jonathan
Abstract
Purpose
The Bring-Your-Own-Device (BYOD) paradigm favors the use of personal and public devices and communication means in corporate environments, thus representing a challenge for the traditional security and risk management systems. In this dynamic and heterogeneous setting, the purpose of this paper is to present a methodology called opportunity-enabled risk management (OPPRIM), which supports the decision-making process in access control to remote corporate assets.
Design/methodology/approach
OPPRIM relies on a logic-based risk policy model combining estimations of trust, threats and opportunities. Moreover, it is based on a mobile client-server architecture, where the OPPRIM application running on the user device interacts with the company IT security server to manage every access request to corporate assets.
Findings
As a mandatory requirement in the highly flexible BYOD setting, in the OPPRIM approach, mobile device security risks are identified automatically and dynamically depending on the specific environment in which the access request is issued and on the previous history of events.
Originality/value
The main novelty of the OPPRIM approach is the combined treatment of threats (resp., opportunities) and costs (resp., benefits) in a trust-based setting. The OPPRIM system is validated with respect to an economic perspective: cost-benefit sensitivity analysis is conducted through formal methods using the PRISM model checker and through agent-based simulations using the Anylogic framework.
Subject
Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
Cited by
9 articles.