
Risk variance: Towards a definition of varying outcomes of IT security risk assessment

dc.contributor.author: Kurowski, Sebastian
dc.contributor.author: Schunck, Christian H.
dc.contributor.editor: Roßnagel, Heiko
dc.contributor.editor: Schunck, Christian H.
dc.contributor.editor: Mödersheim, Sebastian
dc.date.accessioned: 2022-06-07T07:04:34Z
dc.date.available: 2022-06-07T07:04:34Z
dc.date.issued: 2022
dc.description.abstract: Assessing IT-security risks in order to achieve adequate and efficient protection measures has become the core idea of various industry practices and regulatory frameworks in the last five years. Some research however suggests that the practice of assessing IT security risks may be subject to varying outcomes depending on personal, situational and contextual factors. In this contribution we first provide a definition of risk variance as the variation of risk assessment outcomes due to individual traits, the processual environment, the domain of the assessor, and possibly the target of the assessed risk. We then present the outcome of an interview series with 9 decision makers from different companies that aimed at discussing whether risk variance is an issue in their risk assessment procedures. Finally, we elaborate on the generalizability of the concept of risk variance, despite the low sample size in light of varying risk assessment procedures discussed in the interviews. We find that risk variance could be a general problem of current risk assessment procedures. (en)
dc.identifier.doi: 10.18420/OID2022_08
dc.identifier.isbn: 978-3-88579-719-7
dc.identifier.pissn: 1617-5468
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/38708
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: Open Identity Summit 2022
dc.relation.ispartofseries: Lecture Notes in Informatics (LNI) - Proceedings, Volume P-305
dc.subject: Risk Analysis
dc.subject: Risk Assessment
dc.subject: Risk Management
dc.subject: IT-Security
dc.subject: Information Security
dc.title: Risk variance: Towards a definition of varying outcomes of IT security risk assessment (en)
dc.type: Text/Conference Paper
gi.citation.endPage: 110
gi.citation.publisherPlace: Bonn
gi.citation.startPage: 99
gi.conference.date: 07.-08. July 2022
gi.conference.location: Copenhagen, Denmark
gi.conference.sessiontitle: Regular Research Papers

Files

Original bundle
1 - 1 of 1
Name: proceedings-08.pdf
Size: 262.14 KB
Format: Adobe Portable Document Format