建立网络安全风险元模型以改进方法和工具集成

Christophe Ponsard
{"title":"建立网络安全风险元模型以改进方法和工具集成","authors":"Christophe Ponsard","doi":"arxiv-2409.07906","DOIUrl":null,"url":null,"abstract":"Nowadays, companies are highly exposed to cyber security threats. In many\nindustrial domains, protective measures are being deployed and actively\nsupported by standards. However the global process remains largely dependent on\ndocument driven approach or partial modelling which impacts both the efficiency\nand effectiveness of the cybersecurity process from the risk analysis step. In\nthis paper, we report on our experience in applying a model-driven approach on\nthe initial risk analysis step in connection with a later security testing. Our\nwork rely on a common metamodel which is used to map, synchronise and ensure\ninformation traceability across different tools. We validate our approach using\ndifferent scenarios relying domain modelling, system modelling, risk assessment\nand security testing tools.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration\",\"authors\":\"Christophe Ponsard\",\"doi\":\"arxiv-2409.07906\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Nowadays, companies are highly exposed to cyber security threats. In many\\nindustrial domains, protective measures are being deployed and actively\\nsupported by standards. However the global process remains largely dependent on\\ndocument driven approach or partial modelling which impacts both the efficiency\\nand effectiveness of the cybersecurity process from the risk analysis step. In\\nthis paper, we report on our experience in applying a model-driven approach on\\nthe initial risk analysis step in connection with a later security testing. Our\\nwork rely on a common metamodel which is used to map, synchronise and ensure\\ninformation traceability across different tools. We validate our approach using\\ndifferent scenarios relying domain modelling, system modelling, risk assessment\\nand security testing tools.\",\"PeriodicalId\":501278,\"journal\":{\"name\":\"arXiv - CS - Software Engineering\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.07906\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07906","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

如今,企业极易受到网络安全威胁。在许多行业领域,保护措施正在部署,并得到标准的积极支持。然而,全球流程在很大程度上仍然依赖于文档驱动方法或部分建模,这影响了从风险分析步骤开始的网络安全流程的效率和效果。在本文中,我们报告了在与后期安全测试相关的初始风险分析步骤中应用模型驱动方法的经验。我们的工作依赖于一个通用的元模型,该模型用于映射、同步和确保不同工具之间的信息可追溯性。我们利用不同的场景验证了我们的方法,这些场景依赖于领域建模、系统建模、风险评估和安全测试工具。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration
Nowadays, companies are highly exposed to cyber security threats. In many industrial domains, protective measures are being deployed and actively supported by standards. However the global process remains largely dependent on document driven approach or partial modelling which impacts both the efficiency and effectiveness of the cybersecurity process from the risk analysis step. In this paper, we report on our experience in applying a model-driven approach on the initial risk analysis step in connection with a later security testing. Our work rely on a common metamodel which is used to map, synchronise and ensure information traceability across different tools. We validate our approach using different scenarios relying domain modelling, system modelling, risk assessment and security testing tools.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Promise and Peril of Collaborative Code Generation Models: Balancing Effectiveness and Memorization Shannon Entropy is better Feature than Category and Sentiment in User Feedback Processing Motivations, Challenges, Best Practices, and Benefits for Bots and Conversational Agents in Software Engineering: A Multivocal Literature Review A Taxonomy of Self-Admitted Technical Debt in Deep Learning Systems Investigating team maturity in an agile automotive reorganization
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1