Sciweavers

RE
2010
Springer

Risk-based Confidentiality Requirements Specification for Outsourced IT Systems

13 years 7 months ago
Risk-based Confidentiality Requirements Specification for Outsourced IT Systems
Today, companies are required to be in control of their IT assets, and to provide proof of this in the form of independent IT audit reports. However, many companies have outsourced various parts of their IT systems to other companies, which potentially threatens the control they have of their IT assets. To provide proof of being in control of outsourced IT systems, the outsourcing client and outsourcing provider need a written service level agreement (SLA) that can be audited by an independent party. SLAs for availability and response time are common practice in business, but so far there is no practical method for specifying confidentiality requirements in an SLA. Specifying confidentiality requirements is hard because in contrast to availability and response time, confidentiality incidents cannot be monitored: attackers who breach confidentiality try to do this unobserved by both client and provider. In addition, providers usually do not want to reveal their own infrastructure to the...
Ayse Morali, Roel Wieringa
Added 20 May 2011
Updated 20 May 2011
Type Journal
Year 2010
Where RE
Authors Ayse Morali, Roel Wieringa
Comments (0)