Welcome to the InfoSci Platform
Reference Hub6
E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems

E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems

Harold Pardue, Jeffrey P. Landry, Alec Yasinsac
Copyright: © 2011 |Volume: 5 |Issue: 3 |Pages: 17
ISSN: 1930-1650|EISSN: 1930-1669|EISBN13: 9781613507575|DOI: 10.4018/jisp.2011070102
Cite Article Cite Article

MLA

Pardue, Harold, et al. "E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems." IJISP vol.5, no.3 2011: pp.19-35. http://doi.org/10.4018/jisp.2011070102

APA

Pardue, H., Landry, J. P., & Yasinsac, A. (2011). E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems. International Journal of Information Security and Privacy (IJISP), 5(3), 19-35. http://doi.org/10.4018/jisp.2011070102

Chicago

Pardue, Harold, Jeffrey P. Landry, and Alec Yasinsac. "E-Voting Risk Assessment: A Threat Tree for Direct Recording Electronic Systems," International Journal of Information Security and Privacy (IJISP) 5, no.3: 19-35. http://doi.org/10.4018/jisp.2011070102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Approximately 25% (according to http://verifiedvoting.com/) of voting jurisdictions use direct recording electronic systems to record votes. Accurate tabulation of voter intent is critical to safeguard this fundamental act of democracy: voting. Electronic voting systems are known to be vulnerable to attack. Assessing risk to these systems requires a systematic treatment and cataloging of threats, vulnerabilities, technologies, controls, and operational environments. This paper presents a threat tree for direct recording electronic (DRE) voting systems. The threat tree is organized as a hierarchy of threat actions, the goal of which is to exploit a system vulnerability in the context of specific technologies, controls, and operational environment. As an abstraction, the threat tree allows the analyst to reason comparatively about threats. A panel of elections officials, security experts, academics, election law attorneys, representatives from governmental agencies, voting equipment vendors, and voting equipment testing labs vetted the DRE threat tree. The authors submit that the DRE threat tree supports both individual and group risk assessment processes and techniques.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.