Model-based Threat and Risk Assessment for Systems Design
Avi Shaked, Avi Shaked, Yoram Reich
2021
Abstract
Integrating cybersecurity considerations in the design of modern systems is a significant challenge. As systems increasingly rely on connectivity and software to perform, cybersecurity issues of confidentiality, integrity and availability emerge. Addressing these issues during the design of a system – a security by-design approach – is desirable, and considered preferable to patching an existing design with extraneous components and mechanisms. In this paper, we present a model-based methodology for cybersecurity related systems design. This field-proven methodology takes into consideration cybersecurity threats alongside the system’s composition and existing mechanisms, in order to communicate, assess and drive the incorporation of security controls into the system design. We discuss aspects of the methodology’s design and how it relates to its real-life applications and usage context.
DownloadPaper Citation
in Harvard Style
Shaked A. and Reich Y. (2021). Model-based Threat and Risk Assessment for Systems Design.In Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-491-6, pages 331-338. DOI: 10.5220/0010187203310338
in Bibtex Style
@conference{icissp21,
author={Avi Shaked and Yoram Reich},
title={Model-based Threat and Risk Assessment for Systems Design},
booktitle={Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2021},
pages={331-338},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010187203310338},
isbn={978-989-758-491-6},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 7th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Model-based Threat and Risk Assessment for Systems Design
SN - 978-989-758-491-6
AU - Shaked A.
AU - Reich Y.
PY - 2021
SP - 331
EP - 338
DO - 10.5220/0010187203310338