Threat mitigation, monitoring and management plan - A new approach in risk management

ARTCom 2009 - International Conference on Advances in Recent Technologies in Communication and Computing

Volumn , Issue , 2009, Pages 719-723

  Gandotra, Vandana ^a   Singhal, Archana ^a   Bedi, Punam ^a  

^a UNIVERSITY OF DELHI   (India)

Author keywords

Agents; Defense in depth; Mitigation; Monitoring; Threat modeling

Indexed keywords

COMPLEX SOFTWARE SYSTEMS; DEFENSE IN DEPTH; DEFENSE STRATEGY; DESIGN LEVELS; MONITORING AND MANAGEMENT; MULTI-LAYERED; NEW APPROACHES; ON-LINE BANKING; SECURITY ENVIRONMENTS; SECURITY RISKS; SOFTWARE SYSTEMS; THREAT MITIGATION; THREAT MODELING;

COMPUTER CRIME; NETWORK SECURITY; PERSONAL COMPUTING; PROFITABILITY; RISK ANALYSIS; RISK MANAGEMENT;

COMPUTER SOFTWARE;

EID: 73849104170     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARTCom.2009.38     Document Type: Conference Paper

References (26)

1. J. Viega and G. Mcgraw 2002, "Building secure software", Addison-Wesley, ISBN 0-201-72152-x.
2. F. Swiderski, W. Snyder, "Threat Modeling", Microsoft Press, 2005.
3. Denis Verdon, Gary McGraw, "Risk analysis in software design", IEEE Security and privacy, 2004.
4. Raimundas Matulevicius, Nicolas Mayer and Patrick Heymans. "Alignment of Misuse Cases with Security Risk Management", published in The Third International conference on Availability, Reliability and Security, IEEE 2008. pp: 1397-1404.
5. th IEEE International Requirements Engineering Conference, Paris, France, August 29th, 2005.
6. Jan Juriens, "Secure Systems Development with UML" Springer, 2003.
7. OMGUML profile for "Quality of Service and Fault tolerance Characteristics and Mechanisms".
8. C.Murray Woodside, Dorina C. Petriu, Dorin Bogdan Petriu, Jing Xu, Tauseef A. Israr, Geri Georg, Robert B. France,James M.Bieman, Siv Hilde Houmb, Jan Jürjens: Performance analysis of security aspects by weaving scenarios extracted from UML models. Journal of Systems and Software 82(1): 56-74 (2009).
9. Roger S. Pressman, "Software Engineering A Practitioner's Approach", McGraw- Hill, 2005.
10. Joshua Pauli, Dianxiang Xu "THREAT-DRIVEN ARCHITECTURAL DESIGN OF SECURE INFORMATION SYSTEMS", proceedings of the 7th International Conference on Enterprise Information System (ICEIS 2005), Miami USA, May 2005.
11. Steve Lipner, "The Trustworthy Computing Security Development Lifecycle," ACSAC, pp.2-13, 20th Annual Computer Security Applications Conference (ACSAC'04), 2004.
12. Huiqun Yu, Xudong He, Yi Deng, Lian Mo "A Formal Approach to Designing Secure Software Architectures", Proceedings of the Eighth IEEE International Symposium on High Assurance Systems Engineering (HASE'04), 2004.
13. Vineet Saini, Qiang Duan and Vamsi Paruchuri, "Threat Modeling Using Attack Trees", Proceedings of the Sixth Annual CCSC Mid-South Conference and Journal of Computing Sciences in Colleges, Volume 23, Issue 4, April 2008.
14. G.Sindre and A. L. Opdahl, "Eliciting Security Requirements with Misuse Cases", Requirements Engineering, 10(1):34-44, 2005.
15. I. Alexander, "Misuse cases help to elicit non-functional equirements", Computing and Control Engineering Journal, 14(1):40-45, 2003.
16. Martin R. Stylz and James A> Whittaker, ""Considering Defense in Depth for Software Applications", IEEE Security and Privacy, January 2004..
17. Kevin Dauch, Adam Hovak, Roger Nestler, , "Information Assurance Using a Defense In-Depth Strategy," catch, pp.267-272, Cybersecurity Applications & Technology Conference for Homeland Security, 2009
18. P.Rubel, M.Ihde, S. Harp, C.Payne, "Generating Policies for Defense in Depth", Proceedings of the 21st Annual Computer Security Applications Conference ACSAC 2005, pp: 505-514.
19. F. Swiderski and W. Synder, Threat Modeling, Microsoft Press, 2005.
20. S. Myagmar, A. J. Lee, and W.Yurcik, "Threat Modeling as a Basis for Security Requirements ", 2005.
21. M. Howard and D. LeBlanc Writing Secure Code, Microsoft Press, 2003.
22. Raimundas Matulevicius, Nicolas Mayer and Patrick Heymans, "Alignment of Misuse Cases with Security Risk Management", published in The Third International conference on Availability, Reliability and Security , IEEE 2008, pp: 1397-1404..
23. M.Wooldridge, "Agent Based Software Engineering", IEE Proceedings, Software Engineering, January 1997, Volume 144, Issue 1, pp. 26-37
24. M.Wooldridge and P.Ciancarini, "Agent Oriented Software Engineering", AOSE 2000, pp: 1-28.
25. Man-in-the-Middle Attacks, Copyright 2009 Entrust.
26. V. Gandotra, A. Singhal and P. Bedi, "Identifying Security Requirements Hybrid Technique", Fourth International Conference on Software Engineering Advances 2009, Portugal, in press.