Goal-oriented security threat mitigation patterns

Abstract: Most attacks on computer and software systems are caused by threats to known vulnerabilities. Part of the reason is that it is difficult to possess necessary broad and deep knowledge of security related strategic knowledge to choose mitigating solutions suitable for a specific application or organization. This paper presents three patterns that use goaloriented concepts to capture knowledge of security problems and their corresponding mitigating solutions. Each pattern captures three kinds of problems, includi… Show more

“…Even though the success rate of this model was around 50% but it shed light to the capability to develop software that protect or at least warn people against the threats that come from internet. It is widely understood that security threats can be moderated greatly when users know about the exposures in their systems [13]. However, the required knowledge is a broad and cannot be acquired easily.…”

“…However, the required knowledge is a broad and cannot be acquired easily. Therefore, there is an approach (goaloriented) developed by [13] to narrow the broadness and facilitate requiring knowledge. The model seems little complicated but it creates patterns for security threats and prevention, those patterns collected based on meta-data.…”

“…The solution contains threat prevention and risk transfer. The solution in the model of Supakkul et al (2009) is based on mitigation of the threats. The mitigation either cost driven, usability driven or availability driven.…”

Web User' Knowledge and Their Behavior towards Security Threats and Vulnerabilities

“…Even though the success rate of this model was around 50% but it shed light to the capability to develop software that protect or at least warn people against the threats that come from internet. It is widely understood that security threats can be moderated greatly when users know about the exposures in their systems [13]. However, the required knowledge is a broad and cannot be acquired easily.…”

“…However, the required knowledge is a broad and cannot be acquired easily. Therefore, there is an approach (goaloriented) developed by [13] to narrow the broadness and facilitate requiring knowledge. The model seems little complicated but it creates patterns for security threats and prevention, those patterns collected based on meta-data.…”

“…The solution contains threat prevention and risk transfer. The solution in the model of Supakkul et al (2009) is based on mitigation of the threats. The mitigation either cost driven, usability driven or availability driven.…”

Web User' Knowledge and Their Behavior towards Security Threats and Vulnerabilities

Whose Risk Is It Anyway: How Do Risk Perception and Organisational Commitment Affect Employee Information Security Awareness?

Threat and countermeasure patterns for cloud computing