Add to ORKGWe describe a framework for risk assessment specifically within the context of risk-based access control systems, which make authorization decisions by determining the security risk associated with access requests and weighing such security risk against operational needs together with situational conditions. Our framework estimates risk as a product of threat and impact scores. The framework that we describe includes four different ap-proaches for conducting threat assessment: an object sensitivity-based approach, a subject trustworthiness-based approach and two additional approaches which are based on the dif-ference between object sensitivity and subject trustworthiness. We motivate each of the four approaches with a series of examples. W...
Web-based collaboration provides a platform which allows users from different domains to share and a...
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital ...
This paper looks at the development of a framework for information security risk assessments within ...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do no...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Risk assessment and access control are important issues in cloud computing. In this paper, we propos...
The increasing need to share information in dynamic environments has created a requirement for risk-...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Intrusion and threat detection systems analyze large amount of security-related data logs for detect...
Over the past decades a significant number of methods to identify and mitigate security risks have b...
Intrusion and threat detection systems analyze large amount of security-related data logs for detect...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Summary The security of access and information flow carries with it the risk that resources will be ...
Web-based collaboration provides a platform which allows users from different domains to share and a...
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital ...
This paper looks at the development of a framework for information security risk assessments within ...
Abstract—Over the years, role based access control (RBAC) has remained a dominant form of access con...
Context-based access control is an emerging approach for modeling adaptive solution, making access c...
Traditional security and access control systems, such as MLS/Bell-LaPadula, RBAC are rigid and do no...
The increasing need to share information in dynamic environments has created a requirement for risk-...
Risk assessment and access control are important issues in cloud computing. In this paper, we propos...
The increasing need to share information in dynamic environments has created a requirement for risk-...
In traditional multi-level security systems, trust and risk values are pre-computed. Any change in t...
Intrusion and threat detection systems analyze large amount of security-related data logs for detect...
Over the past decades a significant number of methods to identify and mitigate security risks have b...
Intrusion and threat detection systems analyze large amount of security-related data logs for detect...
Insider Attacks are one of the most dangerous threats organizations face today. An insider attack oc...
Summary The security of access and information flow carries with it the risk that resources will be ...
Web-based collaboration provides a platform which allows users from different domains to share and a...
The Internet of Things (IoT) represents a modern approach where boundaries between real and digital ...
This paper looks at the development of a framework for information security risk assessments within ...