Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

17833 Value-driven Security Agreements in Extended Enterprises
Home Policy Brochure Browse Search User Area Contact Help

Nunes Leal Franqueira, V. and Wieringa, R.J. (2010) Value-driven Security Agreements in Extended Enterprises. Technical Report TR-CTIT-10-17, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

Full text available as:


2055 Kb
Open Access

Exported to Metis


Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example.

Item Type:Internal Report (Technical Report)
Research Group:EWI-IS: Information Systems
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:VRIEND: Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized
Uncontrolled Keywords:Extended Enterprise Architecture, Governance,
Security Agreement, External Insider Threat, Value Modeling
ID Code:17833
Deposited On:12 May 2010
More Information:statisticsmetis

Export this item as:

To correct this item please ask your editor

Repository Staff Only: edit this item