Empirical and statistical analysis of risk analysis-driven techniques for threat management

Author

Buyens, Koen ; Win, Bart De ; Joosen, Wouter

Author_Institution

Dept. of Comput. Sci., KU Leuven

fYear

2007

fDate

10-13 April 2007

Firstpage

1034

Lastpage

1041

Abstract

One of the challenges of secure software construction (and maintenance) is to get control over the multitude of threats in order to focus mitigation efforts on the most relevant ones. Risk analysis is one class of techniques for achieving threat reduction, but few studies are available that evaluate the quality of these techniques. In this paper, a selected set of risk analysis techniques have been evaluated and compared based on a realistic case study. The foundations for this analysis were threefold: we defined a set of high-level criteria, we compared the results of the different methods and we used statistical analysis techniques for studying additional characteristics. This analysis was performed on an independently developed case study of a significant size. For this experiment, the benefits of applying of these methods were limited for the categorization and the reduction of threats. Therefore, we also suggest ways to improve or complement these methods

Keywords

risk analysis; security of data; software maintenance; statistical analysis; risk analysis; software construction; software maintenance; software security; statistical analysis; threat management; threat reduction; Computer science; Control system analysis; Control systems; Costs; Information processing; Performance analysis; Risk analysis; Risk management; Software maintenance; Statistical analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on

Conference_Location

Vienna

Print_ISBN

0-7695-2775-2

Type

conf

DOI

10.1109/ARES.2007.78

Filename

4159906