|
|
|
The VRIEND project (funded by the Sentinels programme)
Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized (VRIEND)
In industrial practice, security engineering is risk management: How to mitigate security risk given a finite budget? Today the IT of a business is connected to that of others in a value web of business partners, suppliers and customers, each of whom has its own confidentiality, integrity and availability requirements. This creates new security challenges, because there is no central decision-making authority in these networks. The question to be investigated in VRIEND is how to extend current risk management practices with methods and techniques to deal with security risks in decentralized networks.
We will investigate this, firstly, by developing methods and techniques to build up a security baseline for a so-called value web, which is a set of security patterns. Secondly, we will develop quantitative techniques for security architecture design in decentralized networks. In a value web where each business has its own commercial interests, architecture design must use cost/benefit techniques to lead to agreement among different business partners. We will develop dynamic quantitative techniques, that allow businesses to incorporate the appearance of new security mechanisms, the occurrence of new threats or incidents, and of changes in security goals over time. changes in security goals over time.
To guarantee relevance of our results, research will be performed by means of case studies done with our business partners AkzoNobel, Corus Strip Produxcts, DSM, Hoffmann Strategic Risk Management, and Philips.
|
