Using the Conflicting Incentives Risk Analysis Method - Security and Privacy Protection in Information Processing Systems Access content directly
Conference Papers Year : 2013

Using the Conflicting Incentives Risk Analysis Method

Lisa Rajbhandari
  • Function : Author
  • PersonId : 1001107
Einar Snekkenes
  • Function : Author
  • PersonId : 1001108

Abstract

Risk is usually expressed as a combination of likelihood and consequence but obtaining credible likelihood estimates is difficult. The Conflicting Incentives Risk Analysis (CIRA) method uses an alternative notion of risk. In CIRA, risk is modeled in terms of conflicting incentives between the risk owner and other stakeholders in regards to the execution of actions. However, very little has been published regarding how CIRA performs in non-trivial settings. This paper addresses this issue by applying CIRA to an Identity Management System (IdMS) similar to the eGovernment IdMS of Norway. To reduce sensitivity and confidentiality issues the study uses the Case Study Role Play (CSRP) method. In CSRP, data is collected from the individuals playing the role of fictitious characters rather than from an operational setting. The study highlights several risk issues and has helped in identifying areas where CIRA can be improved.
Fichier principal
Vignette du fichier
978-3-642-39218-4_24_Chapter.pdf (274.46 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01463835 , version 1 (09-02-2017)

Licence

Attribution

Identifiers

Cite

Lisa Rajbhandari, Einar Snekkenes. Using the Conflicting Incentives Risk Analysis Method. 28th Security and Privacy Protection in Information Processing Systems (SEC), Jul 2013, Auckland, New Zealand. pp.315-329, ⟨10.1007/978-3-642-39218-4_24⟩. ⟨hal-01463835⟩
232 View
256 Download

Altmetric

Share

Gmail Facebook X LinkedIn More