Conceptual Framework for Security Testing, Security Risk Analysis and their Combinations
Author
Abstract
Security testing and security risk analysis are key issues and central to strengthening the ability of companies to face the new security challenges posed by the future internet. We present a conceptual framework clarifying the notions of security testing, security risk analysis, and related concepts, as well as defining the relations among them. The conceptual framework is built upon established concepts from state-of-the-art standards. We focus on model-based approaches for security testing and security risk analysis and distinguish between model-based security testing (MST) and model-based security risk analysis (MSR). In particular, we present the two possible combinations of MST and MSR, which are risk-driven model-based security testing (RMST) and test-driven model-based security risk analysis (TMSR). The conceptual framework offers a basis for future research by providing a common understanding of the central notions within security testing and security risk analysis.
Similar resources
The Conceptual Framework of Individual and Social Security Provision in Residential Complexes Based on Iranian-Islamic Foundations
Security, as one of the basic human needs, has a special place in the provision of relaxation, comfort and spiritual needs. For this reason, security is always of interest to managers, planners, architects and urban designers. Solutions and strategies of security provision have been fundamentally changed following prevailing change of housing architecture patterns from homes to residential complexes and h...
Presenting a Model for Risk Assessment of Intentional Fires
Background & Objectives: It is not possible to live without using fire. However, fire can destroy human property in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in recent years. This study aimed to provide a framework for risk assess...
Identifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
Mapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing secure software is one of the major phases in developing robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
Examine the components of organizational agility to design a framework for achieving agility in social security organization
Background and purpose: The purpose of the study was to examine the dimensions and components of organizational agility to design a framework. Materials and methods: The methodology is descriptive. The statistical society was selected from employees in the Social Security organization of Bojnourd (N=148). The samples were 132 staff who returned the questionnaires. The data collected by a researc...