Beyond Traceability: Compared Approaches to Consistent Security Risk Assessments

Authors: F. Bergomi, S. Paul, B. Solhaug, Raphaël Vignon-Davillier
Published in: 2013 International Conference on Availability, Reliability and Security

As military and civil software-intensive information systems grow and become more and more complex, structured approaches, called architecture frameworks (AF), were developed to support their engineering. The concepts of these approaches were standardised under ISO/IEC 42010 - Systems and Software Engineering - Architecture Description. An Architecture Description is composed of Views, where each View addresses one or more engineering concerns. As mentioned in the standard, a multi-viewpoint…
6 Citations
Security risk analysis of system changes exemplified within the oil and gas domain
  • 7
Evolution of Security Engineering Artifacts: A State of the Art Survey
  • 13
'CTRL_S' - A Security Tool for SESAR's Design-In Security Approach
A model for user-centric information security risk assessment and response
  • Highly Influenced
Traceability in cyber risk assessment: A design science approach
Model-driven risk analysis of evolving critical infrastructures
  • 21
Security Requirements Specification in Service-Oriented Business Process Management
  • 109
Using abuse case models for security requirements analysis
  • J. McDermott, C. Fox
  • Computer Science
  • Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99)
  • 1999
  • 491
Mal-Activity Diagrams for Capturing Attacks on Business Processes
  • G. Sindre
  • Engineering, Computer Science
  • 2007
  • 87
Goal-driven risk assessment in requirements engineering
  • 107
MoVEing Forward: Towards an Architecture and Processes for a Living Models Infrastructure
  • 9
Risk Analysis of Changing and Evolving Systems Using CORAS
  • 44
Security Considerations in the System Development Life Cycle
  • 83
Model-Driven Risk Analysis - The CORAS Approach
  • 358
UMLintr: a UML profile for specifying intrusions
  • 52