Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized) (2007-2011)



Funded by:STW Sentinels
Duration:January 2007 until December 2011
Contact:Prof.Dr. R.J. Wieringa (Roel)

Networks that are Decentralized) (2007-2011)

Information Systems Group, University of Twente (is.ewi.utwente.nl)

Project: VRIEND (Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized)

Thequestion to be investigated in VRIEND is how to extend current risk management practices with methods and techniques to deal with security risks in decentralized networks. We will investigate this, firstly, by developing methods and techniques to build up a security baseline for a value web, which is a set of security patterns agreed upon by members of a value web, of which the risk-mitigating properties have been quantitavely specified, and which are related to business goals and external legislation that therse patterns help to achieve. Secondly, we will develop quantitative techniques for security architecture design in decentralized networks, by means of which in a business project can compose the security mechanisms in the baseline into a security architecture of the business project result. In a value web where each business has its own commercial interests, architecture design must use cost/benefit techniques to lead to agreement among different business partners. We will develop dynamic quantitative techniques, that allow businesses to incorporate the appearance of new security mechanisms, the occurrence of new threats or incidents, and of changes in security goals over time. To guarantee relevance of our results, research will be performed by means of case studies done with our business partners.

Project information

Period: 2007-2011

Sponsor: STW Sentinels

Partners: Philips, Corus, Akzo Nobel, DSM

Publications

More information: see the project proposal and the VRIEND website



[BACK]