Here you will find scientific publications from the Fraunhofer Institutes.

Supporting Risk Assessment with the Systematic Identification, Merging, and Validation of Security Goals

Angermeier, D.; Nieding, A.; Eichler, J.


Großmann, Jürgen (Ed.); Felderer, Michael (Ed.); Seehusen, Fredrik (Ed.):
Risk Assessment and Risk-Driven Quality Assurance. 4th International Workshop, RISK 2016 : Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers
Cham: Springer International Publishing, 2017 (Lecture Notes in Computer Science 10224)
ISBN: 978-3-319-57857-6 (Print)
ISBN: 978-3-319-57858-3 (Online)
ISBN: 3-319-57857-X
DOI: 10.1007/978-3-319-57858-3
International Workshop on Risk Assessment and Risk-Driven Testing (RISK) <4, 2016, Graz>
International Conference on Testing Software and Systems (ICTSS) <28, 2016, Graz>
Fraunhofer AISEC

Assessing security-related risks in software or systems engineering is a challenging task: often, a heterogeneous set of distributed stakeholders creates a complex system of (software) components which are highly connected to each other, consumer electronics, or Internet-based services. Changes during development are frequent and must be evaluated and handled efficiently. Consequently, risk assessment itself becomes a complex task and its results must be comprehensible to all actors in the distributed environment. In particular, systematic and repeatable identification of security goals based on a model of the system under development (SUD) is not well supported in established methods. Thus, we demonstrate how the systematic identification, merging, and validation of security goals based on a model of the SUD, in a concrete implementation of our method Modular Risk Assessment (MoRA), helps security engineers handle this challenge.