Aggregation process for implementation of application security management based on risk assessment

2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus) Pub Date : 2018-01-01 DOI:10.1109/EICONRUS.2018.8317039

P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr

{"title":"Aggregation process for implementation of application security management based on risk assessment","authors":"P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr","doi":"10.1109/EICONRUS.2018.8317039","DOIUrl":null,"url":null,"abstract":"This article is devoted to the review and analysis of existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacle to managing application security effectively and describes five steps for managing security. Create inventory of application and their attributes and evaluating their role in business impact (Create a profile for each application and conduction analysis of date processed in the application). Software vulnerability search (Static Analysis (“white-box”); Dynamic Analysis (“black-box”); Interactive Analysis (“glass-box”); Mobile Application Analysis); Risk assessment and prioritization of vulnerabilities (Setting priorities for applications; Setting priorities for types of vulnerabilities; Setting priorities for the development team; Changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (security manager sets priorities and firmed tasks for the development team.","PeriodicalId":6562,"journal":{"name":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","volume":"6 1","pages":"98-101"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EICONRUS.2018.8317039","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

This article is devoted to the review and analysis of existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacle to managing application security effectively and describes five steps for managing security. Create inventory of application and their attributes and evaluating their role in business impact (Create a profile for each application and conduction analysis of date processed in the application). Software vulnerability search (Static Analysis (“white-box”); Dynamic Analysis (“black-box”); Interactive Analysis (“glass-box”); Mobile Application Analysis); Risk assessment and prioritization of vulnerabilities (Setting priorities for applications; Setting priorities for types of vulnerabilities; Setting priorities for the development team; Changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (security manager sets priorities and firmed tasks for the development team.

查看原文本刊更多论文

基于风险评估实现应用程序安全管理的聚合过程

本文致力于回顾和分析现有的基于风险模型的信息安全保障方法。基于可靠性理论，分析了该模型的优缺点。本文讨论了有效管理应用程序安全性的潜在障碍，并描述了管理安全性的五个步骤。创建应用程序及其属性的清单，并评估它们在业务影响中的角色(为每个应用程序创建概要文件，并对应用程序中处理的数据进行分析)。软件漏洞搜索(静态分析(“白盒”);动态分析(“黑盒”);互动分析(“玻璃盒”);移动应用分析);漏洞的风险评估和优先排序(为应用程序设置优先级;为漏洞类型设置优先级;为开发团队设定优先级;改变脆弱性优先级和重新评估风险)。消除漏洞和最小化风险(安全管理人员为开发团队设置优先级和确定任务)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)

自引率

0.00%

发文量