Stefan Taubenberger scite author profile

Stefan Taubenberger

5Publications

14Citation Statements Received

81Citation Statements Given

How they've been cited

How they cite others

115

Affiliations

The Open University

Publications

Order By: Most citations

Resolving vulnerability identification errors using security requirements on business process models

Taubenberger

Jürjens

et al. 2013

View full text Add to dashboard Cite

Purpose -In any information security risk assessment, vulnerabilities are usually identified by information-gathering techniques. However, vulnerability identification errors -wrongly identified or unidentified vulnerabilities -can occur as uncertain data are used. Furthermore, businesses' security needs are not considered sufficiently. Hence, security functions may not protect business assets sufficiently and cost-effectively.Design/methodology/approach -This paper aims to resolve vulnerability errors by analysing the security requirements of information assets in business process models. Business process models have been selected for use, because there is a close relationship between business process objectives and risks.Security functions are evaluated in terms of the information flow of business processes regarding their security requirements. The claim that vulnerability errors can be resolved was validated by comparing the results of a current risk assessment approach with the proposed approach. The comparison is conducted both at three entities of an insurance company, as well as through a controlled experiment within a survey among security professionals.Findings -Vulnerability identification errors can be resolved by explicitly evaluating security requirements in the course of business; this is not considered in current assessment methods.Research limitations/implications -Security requirements should be explicitly evaluated in risk assessments considering the business context. Results of any evaluation of security requirements could be used to indicate the security of information. The approach was only tested in the insurance domain and therefore results may not be applicable to other business sectors.Originality/value -It is shown that vulnerability identification errors occur in practice. With the explicit evaluation of security requirements, identification errors can be resolved. Risk assessment methods should consider the explicit evaluation of security requirements.

show abstract

Problem Analysis of Traditional IT-Security Risk Assessment Methods – An Experience Report from the Insurance and Auditing Domain

Taubenberger¹,

Jürjens

et al. 2011

View full text Add to dashboard Cite

Abstract. Traditional information technology (IT) security risk assessment approaches are based on an analysis of events, probabilities and impacts. In practice, security experts often find it difficult to determine IT risks reliably with precision. In this paper, we review the risk determination steps of traditional risk assessment approaches and report on our experience of using such approaches. Our experience is based on performing IT audits and IT business insurance cover assessments within a reinsurance company. The paper concludes with a summary of issues concerning traditional approaches that are related to the identification and evaluation of events, probabilities and impacts. We also conclude that there is a need to develop alternative approaches, and suggest a security requirements-based risk assessment approach without events and probabilities.

show abstract

IT-Prüfungsplanung – COBIT der Standard für die Prüfungsplanung?

Taubenberger¹

2008

ZIR

View full text Add to dashboard Cite

Prüfungsplanung in der EDV-Revision – Ein IT-Audit-Universe Modell

Taubenberger¹

2006

ZIR

View full text Add to dashboard Cite

Vulnerability Identification Errors in Security Risk Assessments

Taubenberger¹

2014

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.