Trust is perceived-risk and not the actual risk 'secure'does not imply for users to trust it. many users are more likely to place their trust in something that provides assurances for the cases when something goes wrong, rather than... more
Trust is perceived-risk and not the actual risk 'secure'does not imply for users to trust it. many users are more likely to place their trust in something that provides assurances for the cases when something goes wrong, rather than something that claims nothing can go wrong (as a result of deployment safeguards) in the first place.[Lacohee, 2006]
Abstract Recently, there has been an increase of reported security threats hitting organizations. Some of them are originated from the assignments to users of inappropriate permissions on organizational sensitive data. Thus it is crucial... more
Abstract Recently, there has been an increase of reported security threats hitting organizations. Some of them are originated from the assignments to users of inappropriate permissions on organizational sensitive data. Thus it is crucial for organizations to recognize as early as possible the risks deriving by inappropriate access right management and to identify the solutions that they need to prevent such risks.
The Governance, Risk, and Compliance (GRC) management process for Information Security is a necessity for any software systems where important information is collected, processed, and used. To this extent, many standards for security... more
The Governance, Risk, and Compliance (GRC) management process for Information Security is a necessity for any software systems where important information is collected, processed, and used. To this extent, many standards for security managements at operational level exists (eg, ITIL, ISO27K family etc). What is often missing is a process to govern security at organizational level.
Most of the critical aspects for secure and dependable systems, such as safety, integrity, availability, are related to uncertainty. Literature proposes many approaches to deal with uncertainty, mainly in the area of risk management and... more
Most of the critical aspects for secure and dependable systems, such as safety, integrity, availability, are related to uncertainty. Literature proposes many approaches to deal with uncertainty, mainly in the area of risk management and safety&reliability engineering. However, what is still missing is a clear understanding of the nature of uncertainty that very often has produced mistreatments in the design.