
An Evaluation of a Test-Driven Security Risk Analysis Approach Based on Two Industrial Case Studies

Author(s): Gencer Erdogan (SINTEF Digital, Norway), Phu H. Nguyen (SINTEF Digital, Norway), Fredrik Seehusen (SINTEF Digital, Norway), Ketil Stølen (SINTEF Digital, Norway), Jon Hofstad (PWC, Norway) and Jan Øyvind Aagedal (Equatex, Norway)
Copyright: 2019
Pages: 35
Source title: Exploring Security in Software Architecture and Design
Source Author(s)/Editor(s): Michael Felderer (University of Innsbruck, Austria) and Riccardo Scandariato (Chalmers University of Technology, Sweden & University of Gothenburg, Sweden)
DOI: 10.4018/978-1-5225-6313-6.ch004


Abstract

Risk-driven testing and test-driven risk assessment are two strongly related approaches, though the latter is less explored. This chapter presents an evaluation of a test-driven security risk assessment approach to assess how useful testing is for validating and correcting security risk models. Based on the guidelines for case study research, two industrial case studies were analyzed: a multilingual financial web application and a mobile financial application. In both case studies, the testing yielded new information that was not found in the risk assessment phase. In the first case study, new vulnerabilities were found that resulted in an update of the likelihood values of threat scenarios and risks in the risk model. New vulnerabilities were also identified and added to the risk model in the second case study. These updates led to more accurate risk models, which indicates that the testing was indeed useful for validating and correcting the risk models.
