{"title":"汽车IT服务早期设计阶段的安全威胁识别和定义","authors":"R. Lupu, Octavian Catrina, Nicolas Moro","doi":"10.1109/COMM48946.2020.9142039","DOIUrl":null,"url":null,"abstract":"As part of security and privacy threats modelling process, the systematic identification, definition and analysis of threats is important to accurately highlight the resources that would ultimately play a critical role in achieving the organization’s business objectives. We show how we proceeded to identify and formalize the security threats based on the automotive emergency service use-case scenario. Furthermore, we propose a technique to scale for scenarios with many stakeholders. Even though the related information system was in its concept phase (i.e. only coarse risk assessment was possible), we focused on the rigorous dichotomy of the business assets and critical resources and the mapping in-between via the security goals set definition, a technique that facilitates the definition of the attacks’ goals, as well as a more precise evaluation of the impacts on organization business assets.","PeriodicalId":405841,"journal":{"name":"2020 13th International Conference on Communications (COMM)","volume":"113 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security threats identification and definition in early design phases of automotive IT services\",\"authors\":\"R. Lupu, Octavian Catrina, Nicolas Moro\",\"doi\":\"10.1109/COMM48946.2020.9142039\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As part of security and privacy threats modelling process, the systematic identification, definition and analysis of threats is important to accurately highlight the resources that would ultimately play a critical role in achieving the organization’s business objectives. We show how we proceeded to identify and formalize the security threats based on the automotive emergency service use-case scenario. Furthermore, we propose a technique to scale for scenarios with many stakeholders. Even though the related information system was in its concept phase (i.e. only coarse risk assessment was possible), we focused on the rigorous dichotomy of the business assets and critical resources and the mapping in-between via the security goals set definition, a technique that facilitates the definition of the attacks’ goals, as well as a more precise evaluation of the impacts on organization business assets.\",\"PeriodicalId\":405841,\"journal\":{\"name\":\"2020 13th International Conference on Communications (COMM)\",\"volume\":\"113 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 13th International Conference on Communications (COMM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/COMM48946.2020.9142039\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 13th International Conference on Communications (COMM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMM48946.2020.9142039","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security threats identification and definition in early design phases of automotive IT services
As part of security and privacy threats modelling process, the systematic identification, definition and analysis of threats is important to accurately highlight the resources that would ultimately play a critical role in achieving the organization’s business objectives. We show how we proceeded to identify and formalize the security threats based on the automotive emergency service use-case scenario. Furthermore, we propose a technique to scale for scenarios with many stakeholders. Even though the related information system was in its concept phase (i.e. only coarse risk assessment was possible), we focused on the rigorous dichotomy of the business assets and critical resources and the mapping in-between via the security goals set definition, a technique that facilitates the definition of the attacks’ goals, as well as a more precise evaluation of the impacts on organization business assets.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
