P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr
2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus), pp. 98-101. Published 2018-01-01. DOI: 10.1109/EICONRUS.2018.8317039 (https://doi.org/10.1109/EICONRUS.2018.8317039)
Aggregation process for implementation of application security management based on risk assessment
This article reviews and analyzes existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacles to managing application security effectively and describes five steps for managing security. Creating an inventory of applications and their attributes and evaluating their role in business impact (create a profile for each application and conduct an analysis of the data processed in the application). Software vulnerability search (static analysis (“white-box”); dynamic analysis (“black-box”); interactive analysis (“glass-box”); mobile application analysis). Risk assessment and prioritization of vulnerabilities (setting priorities for applications; setting priorities for types of vulnerabilities; setting priorities for the development team; changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (the security manager sets priorities and firm tasks for the development team).