Information Asymmetry in Classified Cross Domain System Security Accreditation
Joe Loughry
Abstract
The difficulty of cross domain systems security accreditation lies inherent in the fact that, by definition, such systems always span at least one boundary between security domains controlled by different data owners. Consequently, approved solutions regularly encounter security testing criteria that represent the duplicated responsibility for residual risk of multiple security accreditors. Each data owner perceives a site-specific set of risks that would be desirable to mitigate, a technology-dependent set of risks that it is possible to mitigate, and a residual risk it is felt acceptable not to mitigate. Time and cost inefficiency in cross domain system accreditation are shown to originate f
Address
Rennes‚ France
Book Title
Computer and Electronics Security Applications Rendez−vous (CESAR) 2012
Month
20–22 November
Note
To appear
Year
2012