Model-driven risk analysis of evolving critical infrastructures
TLDR
This paper addresses these challenges by presenting an approach to model-driven security risk analysis of changing and evolving systems.
  • 21
  • 3
Approaches for the combined use of risk analysis and testing: a systematic literature review
TLDR
This paper presents results from a systematic literature review addressing the combined use of risk analysis and testing.
  • 37
  • 2
An Evaluation of the Graphical Modeling Framework (GMF) Based on the Development of the CORAS Tool
TLDR
We present an evaluation of the Graphical Modeling Framework (GMF) based on our experiences in developing an editor for the risk modeling language CORAS using GMF.
  • 13
  • 2
A Technique for Risk-Based Test Procedure Identification, Prioritization and Selection
TLDR
We present a technique for risk-based test procedure identification, prioritization, and selection that can be used with many existing risk documentation languages and many kinds of likelihood and risk types.
  • 9
  • 2
Tool-Supported Risk Modeling and Analysis of Evolving Critical Infrastructures
TLDR
Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks.
  • 10
  • 1
Facing Uncertainty in Cyber Insurance Policies
TLDR
Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market.
  • 11
  • 1
Differentiating Cyber Risk of Insurance Customers: The Insurance Company Perspective
TLDR
This paper explores the challenges insurance companies face in assessing cyber risk, based on literature and interviews with representatives from insurers.
  • 7
  • 1
When to Treat Security Risks with Cyber Insurance
TLDR
We propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance.
  • 2
  • 1
Combining Security Risk Assessment and Security Testing Based on Standards
TLDR
We show how ISO 31000 and ISO/IEC/IEEE 29119 can be integrated to provide a comprehensive approach to cyber security that covers both security risk assessment and security testing.
  • 12
Information flow security, abstraction and composition
TLDR
We present a framework for specifying secure information flow properties that are preserved under refinement of underspecification, translation, and composition.
  • 13