Corpus ID: 15744381

A Threat-Driven Approach to Cyber Security Methodologies , Practices and Tools to Enable a Functionally Integrated Cyber Security Organization

@inproceedings{Muckin2015ATA,
  title={A Threat-Driven Approach to Cyber Security Methodologies , Practices and Tools to Enable a Functionally Integrated Cyber Security Organization},
  author={Michael Muckin},
  year={2015}
}
  • Michael Muckin
  • Published 2015
  • Computer Science
  • Contemporary cyber security risk management practices are largely driven by compliance requirements, which force organizations to focus on security controls and vulnerabilities. Risk management considers multiple facets – including assets, threats, vulnerabilities and controls – which are jointly evaluated with the variables of probability and impact. Threats cause damage to information systems. Threats utilize vulnerabilities to enact this damage, and security controls are implemented to… CONTINUE READING

    Create an AI-powered research feed to stay up to date with new papers like this posted to ArXiv

    Citations

    Publications citing this paper.
    SHOWING 1-10 OF 11 CITATIONS

    Cyber-Physical Security for Advanced Manufacturing

    VIEW 4 EXCERPTS
    CITES METHODS
    HIGHLY INFLUENCED

    Applying a Threat Model to Cloud Computing

    VIEW 8 EXCERPTS
    CITES METHODS
    HIGHLY INFLUENCED

    Defendable Architectures Achieving Cyber Security by Designing for Intelligence Driven Defense

    VIEW 6 EXCERPTS
    CITES METHODS & BACKGROUND
    HIGHLY INFLUENCED

    Applying Indications and Warning Frameworks to Cyber Incidents

    Automating Threat Intelligence for SDL

    VIEW 1 EXCERPT
    CITES BACKGROUND

    Security Risk Management of E-commerce Systems

    VIEW 1 EXCERPT
    CITES BACKGROUND

    References

    Publications referenced by this paper.
    SHOWING 1-10 OF 29 REFERENCES

    Defendable Architectures

    • S. C. Fitch, M. Muckin
    • 2015.
    • 2015
    VIEW 4 EXCERPTS
    HIGHLY INFLUENTIAL

    STRIDE Chart

    • A. Shostack
    • 11 September 2007. [Online]. Available: http://blogs.microsoft.com/cybertrust/2007/09/11/stride-chart/.
    • 2007
    VIEW 10 EXCERPTS
    HIGHLY INFLUENTIAL

    Application Security and Development STIG

    • Defense Information Systems Agency DISA
    • 24 October 2014. [Online]. Available: http://iase.disa.mil/stigs/app-security/app-security/Pages/appsecurity.aspx.
    • 2014
    VIEW 2 EXCERPTS

    Exposing the Cyber Cracks: A Global Perspective

    • LLC Ponemon Institute
    • Sponsored by WebSense, 2014.
    • 2014
    VIEW 1 EXCERPT

    Friend of the Devil and the Shostack Code

    • G. Peterson
    • 12 March 2014. [Online]. Available: http://1raindrop.typepad.com/1_raindrop/2014/03/this-is-part-three-on-looking-at-governanceand-compliance-in-the-first-post-we-looked-at-charlie-mungers-comments-on-gove.html.
    • 2014
    VIEW 1 EXCERPT

    Heartbleed

    • Codenomicon
    • April 2014. [Online]. Available: http://heartbleed.com/.
    • 2014
    VIEW 1 EXCERPT

    Security Threat Modeling: Six Steps to Success

    • WebSense
    • 6 March 2014. [Online]. Available: http://community.websense.com/blogs/websense-insights/archive/2014/03/06/security-threatmodeling-six-steps-to-success.aspx.
    • 2014
    VIEW 1 EXCERPT

    Threat Model Tool 2014; Cyber Trust Blog

    • Microsft Corporation
    • [Online]. Available: http://blogs.microsoft.com/cybertrust/2014/04/15/introducing-microsoft-threat-modeling-tool- 2014/.
    • 2014
    VIEW 3 EXCERPTS