Risk Methods and Tools for Identity Management Systems Deliverable D3.1 in Petweb II

  • Ebenezer Paintsil

Publication details

The objective of this report is to test two classic risk analysis methods, namely Mehari and AICPA/CICA, using identity management scenarios in order to determine their suitability for risk analysis in identity management systems (IDMSs). In addition, the report compares these two classic methods to the Conflicting Incentives Risk Analysis (CIRA) method and the Executable Model-Based Risk Analysis Method (EM-BRAM), both developed under the PetWeb II project. The comparison shows that the two classic risk analysis methods are useful for determining administrative and management controls for IDMSs. They are expensive because their main inputs for the analysis are obtained from an extensive assessment of an organization and from collaboration with system stakeholders. Their risk analysis is based on the subjective intuitions of risk assessors and is therefore less accurate for security decisions. On the other hand, EM-BRAM is useful for determining technical privacy and security risks in IDMSs. It analyzes technical systems rather than administrative and management procedures. EM-BRAM reduces subjectivity by relying on system characteristics for the risk analysis. There are indications that it is less expensive because the main inputs for the analysis are a system specification and a predetermined risk model. The CIRA method is useful for analyzing stakeholders' risk based on their perceived incentives. It is similar to the classic risk analysis methods, except that it could reduce subjectivity by trading a risk assessor's subjective probabilities for a stakeholder's perceived incentives.