Building a Cybersecurity Risk Metamodel for Improved Method and Tool Integration

Christophe Ponsard

arXiv - CS - Software Engineering, published 2024-09-12. DOI: arxiv-2409.07906 (https://doi.org/arxiv-2409.07906)

Citations: 0

Abstract

Nowadays, companies are highly exposed to cyber security threats. In many industrial domains, protective measures are being deployed and actively supported by standards. However, the global process remains largely dependent on a document-driven approach or partial modelling, which impacts both the efficiency and effectiveness of the cybersecurity process from the risk analysis step. In this paper, we report on our experience in applying a model-driven approach to the initial risk analysis step in connection with later security testing. Our work relies on a common metamodel which is used to map, synchronise and ensure information traceability across different tools. We validate our approach using different scenarios relying on domain modelling, system modelling, risk assessment and security testing tools.