Digital Library Gesellschaft für Informatik e.V.

Risk variance: Towards a definition of varying outcomes of IT security risk assessment

Authors: Kurowski, Sebastian; Schunck, Christian H.
Abstract
Assessing IT-security risks in order to achieve adequate and efficient protection measures has become the core idea of various industry practices and regulatory frameworks in the last five years. Some research however suggests that the practice of assessing IT security risks may be subject to varying outcomes depending on personal, situational and contextual factors. In this contribution we first provide a definition of risk variance as the variation of risk assessment outcomes due to individual traits, the processual environment, the domain of the assessor, and possibly the target of the assessed risk. We then present the outcome of an interview series with 9 decision makers from different companies that aimed at discussing whether risk variance is an issue in their risk assessment procedures. Finally, we elaborate on the generalizability of the concept of risk variance, despite the low sample size in light of varying risk assessment procedures discussed in the interviews. We find that risk variance could be a general problem of current risk assessment procedures.
Citation
Kurowski, S. & Schunck, C. H. (2022). Risk variance: Towards a definition of varying outcomes of IT security risk assessment. In: Roßnagel, H., Schunck, C. H. & Mödersheim, S. (Eds.), Open Identity Summit 2022. Bonn: Gesellschaft für Informatik e.V. (pp. 99-110). DOI: 10.18420/OID2022_08
BibTeX
@inproceedings{mci/Kurowski2022,
author = {Kurowski, Sebastian AND Schunck, Christian H.},
title = {Risk variance: Towards a definition of varying outcomes of IT security risk assessment},
booktitle = {Open Identity Summit 2022},
year = {2022},
editor = {Roßnagel, Heiko AND Schunck, Christian H. AND Mödersheim, Sebastian} ,
pages = { 99-110 } ,
doi = { 10.18420/OID2022_08 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Files: proceedings-08.pdf (Size: 262.1Kb, Format: PDF)

If no full text (PDF) is linked here, it may be available only in another digital library for various reasons (e.g. licences or copyright). In that case, try accessing it via the linked DOI: 10.18420/OID2022_08


More Info

DOI: 10.18420/OID2022_08
ISBN: 978-3-88579-719-7
ISSN: 1617-5468
Date: 2022
Language: en (en)
Content Type: Text/Conference Paper

Keywords

  • Risk Analysis
  • Risk Assessment
  • Risk Management
  • IT-Security
  • Information Security
Collections
  • P325 - Open Identity Summit 2022 [14]

Gesellschaft für Informatik e.V. (GI), Contact: GI head office
This Digital Library is based on DSpace.