Threat scenario-based security risk analysis using use case modeling in information systems

Young Gab Kim, Sungdeok Cha

Research output: Contribution to journal › Article

9 Citations (Scopus)

Abstract

Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method. This provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs) because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes the improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, in order to show how to apply the proposed method in a specific environment, especially in a Broadband convergence Network (BcN) environment, a case study is presented.

Original language: English
Pages (from-to): 293-300
Number of pages: 8
Journal: Security and Communication Networks
Volume: 5
Issue number: 3
DOI: 10.1002/sec.321
Publication status: Published - 2012 Mar 1

Fingerprint

Risk analysis
Information systems
Information management

Keywords

  • Broadband convergence Network (BcN)
  • Qualitative risk analysis
  • Scenario method
  • Security risk analysis
  • Use case modeling

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Threat scenario-based security risk analysis using use case modeling in information systems. / Kim, Young Gab; Cha, Sungdeok.

In: Security and Communication Networks, Vol. 5, No. 3, 01.03.2012, p. 293-300.

@article{7bb04a2caf9f4d16b872665d789e6e2d,
title = "Threat scenario-based security risk analysis using use case modeling in information systems",
abstract = "Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method. This provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs) because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes the improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, in order to show how to apply the proposed method in a specific environment, especially in a Broadband convergence Network (BcN) environment, a case study is presented.",
keywords = "Broadband convergence Network (BcN), Qualitative risk analysis, Scenario method, Security risk analysis, Use case modeling",
author = "Kim, {Young Gab} and Sungdeok Cha",
year = "2012",
month = "3",
day = "1",
doi = "10.1002/sec.321",
language = "English",
volume = "5",
pages = "293--300",
journal = "Security and Communication Networks",
issn = "1939-0122",
publisher = "John Wiley and Sons Inc.",
number = "3",

}

TY - JOUR

T1 - Threat scenario-based security risk analysis using use case modeling in information systems

AU - Kim, Young Gab

AU - Cha, Sungdeok

PY - 2012/3/1

Y1 - 2012/3/1

AB - Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method. This provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs) because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes the improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, in order to show how to apply the proposed method in a specific environment, especially in a Broadband convergence Network (BcN) environment, a case study is presented.

KW - Broadband convergence Network (BcN)

KW - Qualitative risk analysis

KW - Scenario method

KW - Security risk analysis

KW - Use case modeling

UR - http://www.scopus.com/inward/record.url?scp=84863146130&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84863146130&partnerID=8YFLogxK

U2 - 10.1002/sec.321

DO - 10.1002/sec.321

M3 - Article

AN - SCOPUS:84863146130

VL - 5

SP - 293

EP - 300

JO - Security and Communication Networks

JF - Security and Communication Networks

SN - 1939-0122

IS - 3

ER -