{"title":"Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration","authors":"Christophe Ponsard","doi":"arxiv-2409.07906","DOIUrl":null,"url":null,"abstract":"Nowadays, companies are highly exposed to cyber security threats. In many\nindustrial domains, protective measures are being deployed and actively\nsupported by standards. However the global process remains largely dependent on\ndocument driven approach or partial modelling which impacts both the efficiency\nand effectiveness of the cybersecurity process from the risk analysis step. In\nthis paper, we report on our experience in applying a model-driven approach on\nthe initial risk analysis step in connection with a later security testing. Our\nwork rely on a common metamodel which is used to map, synchronise and ensure\ninformation traceability across different tools. We validate our approach using\ndifferent scenarios relying domain modelling, system modelling, risk assessment\nand security testing tools.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07906","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Nowadays, companies are highly exposed to cyber security threats. In many
industrial domains, protective measures are being deployed and actively
supported by standards. However, the global process remains largely dependent on
a document-driven approach or partial modelling, which impacts both the efficiency
and effectiveness of the cybersecurity process from the risk analysis step. In
this paper, we report on our experience in applying a model-driven approach to
the initial risk analysis step in connection with later security testing. Our
work relies on a common metamodel which is used to map, synchronise and ensure
information traceability across different tools. We validate our approach using
different scenarios relying on domain modelling, system modelling, risk assessment
and security testing tools.