Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research 2010
DOI: 10.1145/1852666.1852728

Threat agents

Cited by 13 publications (3 citation statements)
References 7 publications
“…A checklist was used to extract content from retrieved documents. In total, the specific guidelines, standards, and methodologies for information security risk assessment and risk management were as follows: International Standard Organization/International Electrotechnical Commission (ISO/IEC) 27005, 32 National Institute of Standards and Technology Special Publication 800-30 (NIST SP 800-30), 12 Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) allegro, 33 Method for Harmonized Analysis of Risk (MEHARI), 34 , 35 Metodologia de Analisis y Gestion de Riesgos de los Sistemas de Informacion (MAGRIT), 36 information technology (IT)-Grundschutz, 37 Information Technology Security Guidance- IT security risk management: a lifecycle approach-33 (ITSG-33), 38 Security Officers Management & Analysis Project (SOMAP), 39 Threat Agent Risk Assessment (TARA), 40 CORAS, 41 Threat Vulnerability and Risk Analysis (TVRA), 42 Factor Analysis of Information Risk (FAIR) Analysis (O-RA), 43 and Expression des Besoins et Identification des Objectifs de Sécurité (EBIOS) 44 ; and international standards of information security management (ISM), including ISO/IEC 17799 45 and ISO 27799, 46 were identified and surveyed. Moreover, eight studies related to information security risk assessment and risk management in hospital, 47 – 54 one report, 55 and one book 56 were retrieved and reviewed.…”
Section: Methods (mentioning)
confidence: 99%
“…Several taxonomies of relevant properties have been proposed, which typically distinguish between the motivation of the threat agents and their capabilities (cf. Casey 2007; De Bruijne et al 2017). Motivation determines which events are of interest to the adversaries; capabilities determine to what extent they are able to initiate those events.…”
Section: Ontologies Of Security (mentioning)
confidence: 99%
“…The first approach for threat analysis is to focus on agents' attack potential determined by factors such as motivation, abilities (e.g., skills, expertise, and resources) and strategies to comprise or misuse an asset. For example, the Threat Agent Library by Intel (Casey et al, 2010) classifies threat agents in terms of the following characteristics: intent, access, outcome (i.e., goal), limits (i.e., constraints), resource level, skill level, objective (i.e., attack strategy), and visibility. The eTVRA method (Rossebo et al, 2006; ETSI-TS-102-165-1, 2011) evaluates attack potential based on threat agents' knowledge about an asset to be compromised, time required to suc- The second approach for threat analysis is to focus on types of attack.…”
Section: Related Work (mentioning)
confidence: 99%