OPPRIM
OPPRIM stands for "Opportunity-Enabled Risk Management for Trust and Risk-Aware Asset Access Decision-Making".
Nowadays Bring-Your-Own-Device (BYOD) and mobile work are a reality even if they challenge traditional security perimeters and risk management that mainly focus on the threats that these mobile opportunities create. They do not consider their potential benefits, e.g., if a user cannot work when being paid then the productivity is lower. This is the main reason that we introduce a new risk management model, called OPPRIM, where opportunities are also taken into account.
Thus, in our model, we have two main types of events used for decision-making:
- Threats with potential cost in Euros
- Opportunities with potential benefits in Euros
And several other elements which play also an important part in the OPPRIM decision making flow:
- Assets
- Clues
- Users
- Risk Communications and Risk Treatments
- Risk Policies
- Security Incidents
- Decision Metrics
All these previous elements are combined and used in the OPPRIM decision making engine, resulting in the flow depicted in the following picture:
In the following subsections we will explain each of these previous elements and how they take part in the OPPRIM flow previously depicted.