Systematic Identification of Security Goals and Threats in Risk Assessment

Assessing security-related risks in software or systems engineering is a challenging task: often, a heterogeneous set of distributed stakeholders create a complex system of (software) components which are highly connected to each other, consumer electronics, or Internet-based services. Changes are frequent and must be handled efficiently. Consequently, risk assessment itself becomes a complex task and its results must be comprehensible by all actors in the distributed environment. Especially, systematic and repeatable identification of security goals and threats based on a model of the system under development (SUD) is not well-supported in established methods. Thus, we show how the systematic identification of security goals as well as threats based on a model of the SUD in a concrete implementation of our method Modular Risk Assessment (MoRA) supports security engineers to handle this challenge.

Angermeier, Daniel; Nieding, Alexander; Eichler, Jörn (2016): Systematic Identification of Security Goals and Threats in Risk Assessment. Softwaretechnik-Trends Band 36, Heft 3. Bonn: Geselllschaft für Informatik e.V.. PISSN: 0720-8928. Berichte aus den Fachgruppen und Arbeitskreisen

Sammlungen

Softwaretechnik-Trends 36(3) - 2016

Komplettanzeige

Systematic Identification of Security Goals and Threats in Risk Assessment

Volltext URI

Dokumententyp

Dateien

Zusatzinformation

Datum

Autor:innen

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Quelle

Verlag

Zusammenfassung

Beschreibung

Schlagwörter

Zitierform

DOI

Tags

Sammlungen