scholarly journals An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams

2019 ◽  
pp. 1-17
Author(s):  
Vetle Volden-Freberg ◽  
Gencer Erdogan
Keyword(s):  
Empirical Study ◽  
Security Risk ◽  
Sequence Diagrams ◽  
Risk Models

An Evaluation of a Test-Driven Security Risk Analysis Approach Based on Two Industrial Case Studies

2019 ◽  
pp. 69-103 ◽  
Author(s):  
Gencer Erdogan ◽  
Phu H. Nguyen ◽  
Fredrik Seehusen ◽  
Ketil Stølen ◽  
Jon Hofstad ◽  
...  
Keyword(s):  
Risk Assessment ◽  
Case Studies ◽  
Risk Model ◽  
Case Study Research ◽  
Security Risk ◽  
Risk Models ◽  
First Case ◽  
Assessment Approach ◽  
Security Risk Assessment

Risk-driven testing and test-driven risk assessment are two strongly related approaches, though the latter is less explored. This chapter presents an evaluation of a test-driven security risk assessment approach to assess how useful testing is for validating and correcting security risk models. Based on the guidelines for case study research, two industrial case studies were analyzed: a multilingual financial web application and a mobile financial application. In both case studies, the testing yielded new information, which was not found in the risk assessment phase. In the first case study, new vulnerabilities were found that resulted in an update of the likelihood values of threat scenarios and risks in the risk model. New vulnerabilities were also identified and added to the risk model in the second case study. These updates led to more accurate risk models, which indicate that the testing was indeed useful for validating and correcting the risk models.

Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies

2016 ◽  
pp. 1016-1037
Author(s):  
Gencer Erdogan ◽  
Fredrik Seehusen ◽  
Ketil Stølen ◽  
Jon Hofstad ◽  
Jan Øyvind Aagedal
Keyword(s):  
Risk Assessment ◽  
Case Studies ◽  
Web Application ◽  
Risk Model ◽  
Security Risk ◽  
Risk Models ◽  
First Case ◽  
New Information ◽  
Financial Application

The authors present the results of an evaluation in which the objective was to assess how useful testing is for validating and correcting security risk models. The evaluation is based on two industrial case studies. In the first case study the authors analyzed a multilingual financial Web application, while in the second case study they analyzed a mobile financial application. In both case studies, the testing yielded new information which was not found in the risk assessment phase. In particular, in the first case study, new vulnerabilities were found which resulted in an update of the likelihood values of threat scenarios and risks in the risk model. New vulnerabilities were also identified and added to the risk model in the second case study. These updates led to more accurate risk models, which indicate that the testing was indeed useful for validating and correcting the risk models.

Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies

2015 ◽  
Vol 6 (2) ◽  
pp. 90-112
Author(s):  
Gencer Erdogan ◽  
Fredrik Seehusen ◽  
Ketil Stølen ◽  
Jon Hofstad ◽  
Jan Øyvind Aagedal
Keyword(s):  
Risk Assessment ◽  
Case Studies ◽  
Web Application ◽  
Risk Model ◽  
Security Risk ◽  
Risk Models ◽  
First Case ◽  
New Information ◽  
Financial Application

The authors present the results of an evaluation in which the objective was to assess how useful testing is for validating and correcting security risk models. The evaluation is based on two industrial case studies. In the first case study the authors analyzed a multilingual financial Web application, while in the second case study they analyzed a mobile financial application. In both case studies, the testing yielded new information which was not found in the risk assessment phase. In particular, in the first case study, new vulnerabilities were found which resulted in an update of the likelihood values of threat scenarios and risks in the risk model. New vulnerabilities were also identified and added to the risk model in the second case study. These updates led to more accurate risk models, which indicate that the testing was indeed useful for validating and correcting the risk models.

scholarly journals Empirical Study on the Transparency of Security Risk Information in Chinese Listed Pharmaceutical Enterprises Based on the ANP-DS Method

2020 ◽  
Vol 2020 ◽  
pp. 1-15
Author(s):  
Jining Wang ◽  
Chong Guo ◽  
Tingqiang Chen
Keyword(s):  
Empirical Study ◽  
Comprehensive Evaluation ◽  
Adverse Drug Reaction Reporting ◽  
Evaluation Model ◽  
Health And Safety ◽  
Analytic Network Process ◽  
Risk Information ◽  
Security Risk ◽  
Network Process ◽  
Pharmaceutical Enterprises

Frequent outbreaks of drug safety incidents pose a massive threat to public health and safety, while the transparency of security risk information in medical enterprises is not optimistic. Therefore, this study uses the analytic network process (Dempster-Shafer method) to construct a transparent comprehensive evaluation model for security risk information in listed pharmaceutical enterprises from the perspective of government supervision and listed pharmaceutical enterprises. On the basis of 59,305 data obtained by 303 enterprises listed in the Chinese biomedical sector, this research conducted an empirical study on the transparency of safety risk information in Chinese listed pharmaceutical enterprises. The current study found that the transparency of security risk information in Chinese listed pharmaceutical enterprises is generally between “general” and “relatively good” and tends to be “relatively good.” However, administrative punishment information, adverse drug reaction reporting systems, and production processes need continuous improvement.

Sign in / Sign up

Export Citation Format

Share Document