A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization

Ardi, Shanai; Sandahl, Kristian; Hellström, Magnus

doi:10.1007/s42979-023-01968-x

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Book1

Article1

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Analysing Information Security Risks When Remotely Connecting to the Web Interface

Bobrov,

Govorova,

Melnikov

et al. 2024

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Analysing Information Security Risks When Remotely Connecting to the Web Interface

Bobrov,

Govorova,

Melnikov

et al. 2024

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Improving Vulnerability Management Through Process Mining

Meyer,

Heininger,

Stary

2024

Applied Sciences

View full text Add to dashboard Cite

With the number of cyber-attacks growing rapidly and the opportunities to attack companies widening, vulnerability management is gaining increased importance. It needs to reduce the variety of possibilities by remediating vulnerabilities found in IT infrastructures. Process mining is an established method used to discover, analyze, and manage data on (implemented) business processes. This paper proposes utilizing process mining for business-critical processes, including IT processes. This work explores how vulnerability management processes can be improved through process monitoring, targeting the operation time of processes, remediation, and the continuous management of the vulnerability process design. Thereby, process mining is applied for monitoring following the CRISP data mining approach. Process analysis includes process discovery, conformance checking, and process enhancement. Improving the vulnerability management process is based on the discovered vulnerability process, which is enhanced with throughput time data as well as priority, source, and assignment group data. Improvements concern changing the configuration of a source and better training for certain assignment groups. Process discovery can also be used to identify the cause for improper remediation of vulnerabilities. In this case, unwanted activity flows, which indicate that a major part of the vulnerability management process is being skipped, need to be identified. Finally, the continuous use of process mining allows for the monitoring of process modifications, including the impact of implemented improvements.

show abstract

A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization

Cited by 2 publications

References 35 publications

Analysing Information Security Risks When Remotely Connecting to the Web Interface

Analysing Information Security Risks When Remotely Connecting to the Web Interface

Improving Vulnerability Management Through Process Mining

Contact Info

Product

Resources

About