Collaborative Approach to Security Risk Management Information
Maicon Balke$^{1}$, Lisandra Fontoura$^{1}$, Luis Alvaro de Lima Silva$^{1}$
$^{1}$Universidade Federal de Santa Maria. Santa Maria, Brazil
email: maiconbalke@gmail.com, lisandramf@gmail.com, silva.luisalvaro@gmail.com

Schedule:Mon 19th@11:45, Room: B

Risk management is one of the main management processes of security information since it aims to identify, analyze, evaluate and control risks that are due to security information. To utilize users‘ experiences in this process, the utilization of collaborative tasks allows one to exploit argumentative interactions between project participants that are involved in the development of risk management debates regarding security information. The goal of this paper is to propose an argumentation-based collaborative approach to deal with such risk management of security information. The approach aims to guarantee that activities defined in a security risk management process are executed accordingly. In it, a set of rules is proposed to ensure that the final security risk management debate is complete and consistent with the arguments presented by participants of a security software project. This communication protocol is tailored to a process of security risk management that was particularly defined from the ISO / IEC 27005. The protocol allows users to structure and control risk discussions developed by debate participants using a web-based tool called RD System. Through this system, a case study was developed to validate the approach proposed in this work.