22 October 2010


Proposal abstract
The objective of this project is the realization of a secure, flexible and dynamic mechanism using risk-based methodologies, capable of responding to threats and vulnerabilities and to adapt dynamically to the changes in the operating conditions, business processes or use practices, through the management of the entire vulnerability life cycle.
Besides the technological aspect, the project will give adequate attention to usability and availability aspects, and will thus involve multi-disciplinary research activities, experiments or demonstrations in realistic, complex and scalable sceneries and contexts
Thanks to the VMS, organizations will be able to measure, in a faster and more accurate way, the level of risk connected to ES device and ICT infrastructure.
Using the VMS, the organization will make ES more secure, reliable and resistant to attacks and operative malfunctioning, improving Security, Privacy and Dependability (SPD)

Risk management will be performed through the following logical steps:
1. determination of objectives, alternatives and constraints;
2. evaluation of alternatives, identification and resolution of risks eg., developing a prototype to validate the requirements;
development and testing of the next level of the product: evolutionary model, if the risks involving the user interface are dominant; cascade model, if the greater risk is represented by the integrability of the system; transformational model, if security is the most important issue;
3. Planning of the next phase, deciding whether to continue with another cycle of the spiral or not.

for further info: infonetwork@igcsas.it