Journal article
Systematic Identification of Security Goals and Threats in Risk Assessment
Document type
Text/Journal Article
Date
2016
Publisher
Gesellschaft für Informatik e.V.
Abstract
Assessing security-related risks in software or systems engineering is a challenging task: often, a heterogeneous set of distributed stakeholders creates a complex system of (software) components which are highly connected to each other, to consumer electronics, or to Internet-based services. Changes are frequent and must be handled efficiently. Consequently, risk assessment itself becomes a complex task, and its results must be comprehensible to all actors in the distributed environment. In particular, systematic and repeatable identification of security goals and threats based on a model of the system under development (SUD) is not well supported in established methods. Thus, we show how the systematic identification of security goals as well as threats, based on a model of the SUD, in a concrete implementation of our method Modular Risk Assessment (MoRA) helps security engineers handle this challenge.