Authors
Keun-Young Park, Sang-Guun Yoo, Juho Kim
Publication date
2011
Conference
Convergence and Hybrid Information Technology: 5th International Conference, ICHIT 2011, Daejeon, Korea, September 22-24, 2011. Proceedings 5
Pages
142-152
Publisher
Springer Berlin Heidelberg
Description
Information systems manage assets that are critical for the business processes of organizations. Therefore, it is imperative that information systems be guaranteed and secured from the beginning of their development life cycle. Several approaches such as misuse cases, attack tree, and threat modeling have been proposed by way of security requirements. However, these approaches do not prioritize security requirements, though it is necessary in many cases. For example, when the security budget is insufficient, security requirements need to be prioritized to decide what will be developed and what will not. In this paper, we propose an extension to threat modeling by creating a process that allows the prioritization of security requirements via the valuation of assets, threats, and countermeasures modeled in a tree-like structured graph that we refer to as a “valuation graph.”
Scholar articles
KY Park, SG Yoo, J Kim - Convergence and Hybrid Information Technology: 5th …, 2011