Security and Risk Assessment: Black box modeling, Taxonomy and Systematic Literature Review
Licentiate thesis, 2016

In order to successfully perform and manage any type of project, there is a need to identify and assess the key factors that affect the project's performance and its deliverables. Security and risk are two important concepts in the contemporary information systems industry that need to be assessed and addressed. Unfortunately, there exists no clear overall view of the key factors that are involved in the security and risk assessment processes. This thesis attempts to highlight the effect of system attributes and operation on security and risk assessment. Moreover, due to the criticality of risk assessment in both information systems and software development projects, the thesis attempts to clarify the assessment process by identifying and categorizing existing approaches and investigating their differences. To that end, the thesis proposes a structured approach for the assessment and metrication of operational security that is based on black box modeling, categorizing security metrics as being protective or behavioral, and integrity metrics as being system-related or threat-related. The thesis also proposes a novel factor for improving the reliability of security risk calculation and analysis by taking system operational factors into account. Another contribution of the thesis is a taxonomy for the risk assessment process in which the key players and phases of the risk assessment process are identified. Finally, the different risk management strategies used in various software development processes are investigated to identify potential advantages of one over the other.

3364, Edit building
Opponent: Tomas Olovsson

Author

Laleh Pirzadeh Irannezhad

Chalmers, Computer Science and Engineering (Chalmers), Computer Engineering (Chalmers)

A Cause and Effect Approach Towards Risk Analysis

International Workshop on Security Measurements and Metrics (MetriSec 2011), Banff, Alberta, Canada, 2011-09-21; (2011) p. 80-83

Paper in proceeding

Identifying Suitable Attributes for Security and Dependability Metrication

SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies, August 25-31, 2013, Barcelona, Spain; (2013) p. 1-7

Paper in proceeding

An Attempt to Structure Risk Assessment

Nordsec 2012, The 17th Nordic Conference on Secure IT Systems; (2012)

Paper in proceeding

Laleh Pirzadeh, Ana Magazinus, Richard Torkar, "A Systematic Literature Review on Risk Management in Agile and Plan-driven Software Development", Technical report 2016:06, ISSN: 1652-926X

Areas of Advance

Information and Communication Technology

Subject Categories

Other Engineering and Technologies not elsewhere specified

Software Engineering

Roots

Basic sciences

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 159

Publisher

Chalmers

More information

Created

12/5/2016