基于风险评估实现应用程序安全管理的聚合过程

P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr
{"title":"基于风险评估实现应用程序安全管理的聚合过程","authors":"P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr","doi":"10.1109/EICONRUS.2018.8317039","DOIUrl":null,"url":null,"abstract":"This article is devoted to the review and analysis of existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacle to managing application security effectively and describes five steps for managing security. Create inventory of application and their attributes and evaluating their role in business impact (Create a profile for each application and conduction analysis of date processed in the application). Software vulnerability search (Static Analysis (“white-box”); Dynamic Analysis (“black-box”); Interactive Analysis (“glass-box”); Mobile Application Analysis); Risk assessment and prioritization of vulnerabilities (Setting priorities for applications; Setting priorities for types of vulnerabilities; Setting priorities for the development team; Changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (security manager sets priorities and firmed tasks for the development team.","PeriodicalId":6562,"journal":{"name":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","volume":"6 1","pages":"98-101"},"PeriodicalIF":0.0000,"publicationDate":"2018-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Aggregation process for implementation of application security management based on risk assessment\",\"authors\":\"P. Anatoliy, F. Yuri, D. G. Vagiz, V. Yana, V. Aleksandr\",\"doi\":\"10.1109/EICONRUS.2018.8317039\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article is devoted to the review and analysis of existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacle to managing application security effectively and describes five steps for managing security. Create inventory of application and their attributes and evaluating their role in business impact (Create a profile for each application and conduction analysis of date processed in the application). Software vulnerability search (Static Analysis (“white-box”); Dynamic Analysis (“black-box”); Interactive Analysis (“glass-box”); Mobile Application Analysis); Risk assessment and prioritization of vulnerabilities (Setting priorities for applications; Setting priorities for types of vulnerabilities; Setting priorities for the development team; Changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (security manager sets priorities and firmed tasks for the development team.\",\"PeriodicalId\":6562,\"journal\":{\"name\":\"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)\",\"volume\":\"6 1\",\"pages\":\"98-101\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EICONRUS.2018.8317039\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE Conference of Russian Young Researchers in Electrical and Electronic Engineering (EIConRus)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EICONRUS.2018.8317039","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7

摘要

本文致力于回顾和分析现有的基于风险模型的信息安全保障方法。基于可靠性理论,分析了该模型的优缺点。本文讨论了有效管理应用程序安全性的潜在障碍,并描述了管理安全性的五个步骤。创建应用程序及其属性的清单,并评估它们在业务影响中的角色(为每个应用程序创建概要文件,并对应用程序中处理的数据进行分析)。软件漏洞搜索(静态分析(“白盒”);动态分析(“黑盒”);互动分析(“玻璃盒”);移动应用分析);漏洞的风险评估和优先排序(为应用程序设置优先级;为漏洞类型设置优先级;为开发团队设定优先级;改变脆弱性优先级和重新评估风险)。消除漏洞和最小化风险(安全管理人员为开发团队设置优先级和确定任务)。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Aggregation process for implementation of application security management based on risk assessment
This article is devoted to the review and analysis of existing methods of ensuring information security based on risk models. The strengths and weaknesses of the model are investigated on the basis of reliability theory. The article discusses potential obstacle to managing application security effectively and describes five steps for managing security. Create inventory of application and their attributes and evaluating their role in business impact (Create a profile for each application and conduction analysis of date processed in the application). Software vulnerability search (Static Analysis (“white-box”); Dynamic Analysis (“black-box”); Interactive Analysis (“glass-box”); Mobile Application Analysis); Risk assessment and prioritization of vulnerabilities (Setting priorities for applications; Setting priorities for types of vulnerabilities; Setting priorities for the development team; Changing vulnerability priorities and reassessing risks). Elimination of vulnerabilities and minimization of risks (security manager sets priorities and firmed tasks for the development team.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信