91,543 research outputs found
Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
As more businesses and users adopt cloud computing services, security
vulnerabilities will be increasingly found and exploited. There are many
technological and political challenges where investigation of potentially
criminal incidents in the cloud are concerned. Security experts, however, must
still be able to acquire and analyze data in a methodical, rigorous and
forensically sound manner. This work applies the STRIDE asset-based risk
assessment method to cloud computing infrastructure for the purpose of
identifying and assessing an organization's ability to respond to and
investigate breaches in cloud computing environments. An extension to the
STRIDE risk assessment model is proposed to help organizations quickly respond
to incidents while ensuring acquisition and integrity of the largest amount of
digital evidence possible. Further, the proposed model allows organizations to
assess the needs and capacity of their incident responders before an incident
occurs.Comment: 13 pages, 3 figures, 3 tables, 5th International Conference on
Digital Forensics and Cyber Crime; Digital Forensics and Cyber Crime, pp.
223-236, 201
Evaluating cost taxonomies for information systems management
The consideration of costs, benefits and risks underpin many Information System (IS) evaluation decisions. Yet, vendors
and project-champions alike tend to identify and focus much of their effort on the benefits achievable from the
adoption of new technology, as it is often not in the interest of key stakeholders to spend too much time considering
the wider cost and risk implications of enterprise-wide technology adoptions. In identifying a void in the literature, the
authors of the paper present a critical analysis of IS-cost taxonomies. In doing so, the authors establish that such cost
taxonomies tend to be esoteric and difficult to operationalize, as they lack specifics in detail. Therefore, in developing a
deeper understanding of IS-related costs, the authors position the need to identify, control and reduce IS-related costs
within the information systems evaluation domain, through culminating and then synthesizing the literature into a
frame of reference that supports the evaluation of information systems through a deeper understanding of IS-cost taxonomies.
The paper then concludes by emphasizing that the total costs associated with IS-adoption can only be determined
after having considered the multi-faceted dimensions of information system investments
Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification
The past decade has seen an increasing interest in IT outsourcing as it promises companies many economic benefits. In recent years, IT paradigms, such as Software-as-a-Service or Cloud Computing using third-party services, are increasingly adopted. Current studies show that IT security and data privacy are the dominant factors affecting the perceived risk of IT outsourcing. Therefore, we explicitly focus on determining the technological risks related to IT security and quality of service characteristics associated with IT outsourcing. We conducted an extensive literature review, and thoroughly document the process in order to reach high validity and reliability. 149 papers have been evaluated based on a review of the whole content and out of the finally relevant 68 papers, we extracted 757 risk items. Using a successive refinement approach, which involved reduction of similar items and iterative re-grouping, we establish a taxonomy with nine risk categories for the final 70 technological risk items. Moreover, we describe how the taxonomy can be used to support the first two phases of the IT risk management process: risk identification and quantification. Therefore, for each item, we give parameters relevant for using them in an existing mathematical risk quantification model
A framework for identifying uncertainties in long-term digital preservation
With the current expansion in digital information comes an increasing need to preserve such assets. The ENSURE (Enabling knowledge Sustainability, Usability and Recovery for Economic value) pro-ject, a research project under the European Community's Seventh Framework Programme, is the par-ent project to this research area and its aim is to conduct advanced research to address the challenges of Long Term Digital Preservation (LTDP) to ensure the successful preservation, availability and ac-cessibility of preserved data in the future. Focusing on identifying uncertainties in the LTDP activities and their impact on cost and economic performance of digital preservation systems, this paper dis-cusses a framework to identify uncertainties in LTDP for business sectors interested
- …