IBM Systems Journal - Special issue on cryptology
Research Directions in Requirements Engineering
FOSE '07 2007 Future of Software Engineering
Security Evaluation for Information Assurance
ICCSA '07 Proceedings of the 2007 International Conference Computational Science and its Applications
Formalizing information security knowledge
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Total cost of security: a method for managing risks and incentives across the extended enterprise
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Threat analysis for hardware and software products using HazOP
CIS'09 Proceedings of the international conference on Computational and information science 2009
Improving CVSS-based vulnerability prioritization and response with context information
ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement
Engineering Security Agreements Against External Insider Threat
Information Resources Management Journal
There have been significant achievements in defining and developing viable approaches to threat modeling and risk assessment for a wide range of IT applications and computing environments. Most of the approaches have been qualitative, owing to the difficulty of quantifying all aspects of the threat analysis. Some quantitative approaches, especially those based on analysis of the cost of security, have been proposed as well, such as the "Total Cost of Security" described in [1]. The adjacent field of requirements engineering, which provides useful insight into threats and mitigations, has also flourished [2]. In qualitative studies, the focus has been on introducing new taxonomies and ontologies [3], applying threat modeling techniques to new areas [4], e.g., ad-hoc networks, or improving the prioritization and usability of existing approaches, such as the Common Vulnerability Scoring System [5]. Interest in applying the same models to hardware and software threat analysis is beginning to emerge [6], although the difficulties as well as the benefits of this approach are self-evident.