Security and Risk Assessment: Black box modeling, Taxonomy and Systematic Literature Review
Licentiate thesis, 2016

In order to successfully perform and manage any type of project, the key factors that affect the project's performance and its deliverables need to be identified and assessed. Security and risk are two important concepts in the contemporary information systems industry that need to be assessed and addressed. Unfortunately, there is no clear overall view of the key factors involved in the security and risk assessment processes. This thesis attempts to highlight the effect of system attributes and operation on security and risk assessment. Moreover, because risk assessment is critical in both information system and software development projects, the thesis attempts to clarify the assessment process by identifying and categorizing existing approaches and investigating their differences. To that end, the thesis proposes a structured approach for the assessment and metrication of operational security that is based on black box modeling, categorizing security metrics as protective or behavioral and integrity metrics as system-related or threat-related. The thesis also proposes a novel factor for improving the reliability of security risk calculation and analysis by taking system operational factors into account. Another contribution of the thesis is a taxonomy for the risk assessment process in which the key players and phases of the risk assessment process are identified. Finally, the risk management strategies of various software development processes are investigated to identify the potential advantages of one over another.

Opponent: Tomas Olovsson


Laleh Pirzadeh Irannezhad

Chalmers, Computer Science and Engineering, Computer Engineering

A Cause and Effect Approach Towards Risk Analysis

International Workshop on Security Measurements and Metrics (MetriSec 2011), Banff, Alberta, Canada, 2011-09-21 (2011), pp. 80-83

Paper in proceedings

Identifying Suitable Attributes for Security and Dependability Metrication

SECURWARE 2013, The Seventh International Conference on Emerging Security Information, Systems and Technologies, August 25-31, 2013, Barcelona, Spain (2013), pp. 1-7

Paper in proceedings

An Attempt to Structure Risk Assessment

NordSec 2012, The 17th Nordic Conference on Secure IT Systems (2012)

Paper in proceedings

Laleh Pirzadeh, Ana Magazinus, Richard Torkar, "A Systematic Literature Review on Risk Management in Agile and Plan-driven Software Development", Technical report 2016:06, ISSN: 1652-926X


Information and Communication Technology


Other Engineering and Technologies



Basic Sciences

Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 159


