Combining security risk assessment and security testing

Complex networked systems have become an integral part of our supply infrastructure. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and becoming accessible and thus vulnerable to hacker attacks. While the number of security incidents drastically increases, we are more than ever dependent on a secure and mature ICT infrastructure. One of the keys to maintain such a secure and dependable infrastructure are mature, systematic and capable proactive measures to reduce or prevent the risks of security incidents. This paper describes the systematic integration of security risk assessment and security testing to enable efficient and focused security assessments of networked systems.