loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Roman Wirtz and Maritta Heisel

Affiliation: Working Group Software Engineering, University of Duisburg-Essen, Oststr. 99, Duisburg and Germany

Keyword(s): Security Risk, Risk Management, Risk Estimation, CVSS, Pattern, Requirements Engineering.

Related Ontology Subjects/Areas/Topics: Artificial Intelligence ; Knowledge Management and Information Sharing ; Knowledge-Based Systems ; Requirements Engineering ; Software Engineering ; Software Metrics ; Software Project Management ; Symbolic Systems

Abstract: During software development, it is of essential importance to consider security threats. The number of reported incidents and the harm for organizations due to such incidents highly increased during the last few years. The efforts for treating threats need to be spent in an effective manner. A prioritization can be derived from the risk level of a threat, which is defined as the likelihood of occurence and the consequence for an asset. In this paper, we propose a risk estimation and evaluation method for information security based on the Common Vulnerability Scoring System (CVSS). Our method can be applied during requirements engineering. The application in one of the earliest stages of a software development lifecycle enables security engineers to focus on the most servere risks right from the beginning. As initial input, we make use of a pattern-based description of relevant threats to the software. When estimating the risk level of those threats, we consider three perspectives: (1 ) software providers, (2) data owner, and (3) third parties for which a potential harm may exist, too. Our method combines attributes of the pattern and the different perspectives to estimate and prioritize risks. The pattern-based description allows a semi-automatic application of our method, which ends with a ranking of risks according to their priority as final outcome. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.190.217.134

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Wirtz, R. and Heisel, M. (2019). CVSS-based Estimation and Prioritization for Security Risks. In Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-375-9; ISSN 2184-4895, SciTePress, pages 297-306. DOI: 10.5220/0007709902970306

@conference{enase19,
author={Roman Wirtz. and Maritta Heisel.},
title={CVSS-based Estimation and Prioritization for Security Risks},
booktitle={Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2019},
pages={297-306},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007709902970306},
isbn={978-989-758-375-9},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - CVSS-based Estimation and Prioritization for Security Risks
SN - 978-989-758-375-9
IS - 2184-4895
AU - Wirtz, R.
AU - Heisel, M.
PY - 2019
SP - 297
EP - 306
DO - 10.5220/0007709902970306
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic