An extended misuse case notation : Including vulnerabilities and the insider threat

@inproceedings{RostadAnEM,
  title={An extended misuse case notation : Including vulnerabilities and the insider threat},
  author={Lillian. Rostad}
}
Misuse cases are a useful technique for eliciting and modelling security requirements and threats. In addition they may be very useful in a risk analysis process, particularly as part of the system development process. The original misuse case notation adds inverted use cases to model threats and inverted actors to represent attackers. However, an attack is usually performed by exploiting a vulnerability in a system and it would be useful to be able to represent vulnerable functions in a model… CONTINUE READING