Enhancement of the ValueSec Risk Management Model
Andrzej Bialas
DOI: http://dx.doi.org/10.15439/2014F275
Citation: Position Papers of the 2014 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 3, pages 201–208 (2014)
Abstract. The paper concerns the ValueSec methodology and tool which support decisions related to the security measures selection in different application contexts. The ValueSec project, financed by the European Commission Seventh Framework Programme (FP7), considers security measures which properly affect risk, are cost effective, bring benefits and are free of different restrictions (political, social, legal, psychological, etc.). These restrictions, called here qualitative factors (criteria), are hard to identify and assess. The ValueSec methodology is based on three pillars: risk assessment, cost-benefits assessment and qualitative criteria assessment. The paper discusses the project results by identifying their positive and negative features and proposing to enhance the ValueSec methodology. The focus is on one of the possible enhancements, i.e. monitoring factors which influence the measure effectiveness during its operation. The proposed concept shows how the shortage of resources needed for the measure implementation and operation impacts the measure efficiency during the operation.