Cross Threats Evaluation and Control in Proactive Risk Management
In the present day world of complex software systems and expanding connectivity, business perceptions are also changing. More and more organizations are invariably resorting to outsourcing, partnerships, Joint Ventures for business promotion and financial gains. This has given rise to new class of threats from external insiders due to third party involvement. These threats will henceforth be termed as Cross Threats. Various survey reports from different countries suggest that this class of threats is increasing day by day necessitating prevention of such threats. Proactive risk management of today demands that vigorous remedial steps may have to be taken to guard against threats from outsiders, insiders and external insiders to make the security of the system meaningful and rather fool proof. Three pronged attacks on all the fronts against threats to assets may have to be engineered as a part of proactive risk management. Although a lot of attention has been paid by the researchers to avoid threats from outsiders and insiders, not much work has been done in case of Cross Threats from external insiders. These threats may be more damaging as compared to other categories as the external insiders do not fall under the control of single organization. This fact has prompted us to extend our research in this area. Our new approach i.e. Cross Threat Evaluation and Control (CTEC) is a step in this direction. The proposed approach is threefold and consists of Evolution, identification and control of Cross Threats by adopting proactive measures to avert such threats. We have supplemented our approach with study on Cloud Computing as Cross Threats in this case are more significant.
cross threats external insiders proactive risk managenent cloud computing
Vandana Gandotra Archana Singhal Punam Bedi
University of Delhi, Delhi, India
国际会议
2011 International Conference on Security Science and Technology(ICSST 2011) (2011年安全科学与技术国际会议)
重庆
英文
257-262
2011-01-21(万方平台首次上网日期,不代表论文的发表时间)