Classification of Security Threats in Information Systems

Jouini, Mouna; Rabai, Latifa Ben Arfa; Aissa, Anis Ben

doi:10.1016/j.procs.2014.05.452

Cited by 206 publications

(100 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The threat modelling approach in such environments needs to achieve some desired properties. It should be exclusive, exhaustive, unambiguous, repeatable, comprehensive and useful to capture the largest possibility of potential security threats [27], [28], [29]. The hybrid threat modelling is designed to overcome the limitations of existing threat modelling approaches that use only two or three criteria, and the lack of consideration of the desired properties [30], [31].…”

Section: Managing Security and Compliance Risks Of Outsourced It Projmentioning

confidence: 99%

Managing Security and Compliance Risks of Outsourced IT Projects

Almutairi¹

2017

Computer Science &Amp; Information Technology (CS &Amp; IT)

View full text Add to dashboard Cite

show abstract

Section: Managing Security and Compliance Risks Of Outsourced It Projmentioning

confidence: 99%

Managing Security and Compliance Risks of Outsourced IT Projects

Almutairi¹

2017

Computer Science &Amp; Information Technology (CS &Amp; IT)

View full text Add to dashboard Cite

show abstract

“…Therefore, management and risk assessment need to understand and analyze threats and vulnerabilities as a crucial security issues. Thus, effective security classification is necessary to identify and organize threats and vulnerabilities into classes based on the intended effect of attacks and develop solutions to prevent system from effective threats (Jouini et al, 2014).…”

Section: Identify Threats and Vulnerabilitiesmentioning

confidence: 99%

Threat Modeling Approaches for Securing Cloud Computin

Amini¹,

Jamil²,

Ahmad³

et al. 2015

J. of Applied Sciences

View full text Add to dashboard Cite

A B S T R A C TThe cloud computing delivers services of processing data by using parallel and high computational processors virtually and remotely. This is very useful and beneficial to enterprises that have limitations in terms of processing resources, data storages and man power. However, one of the main challenge in cloud computing is data security. Supposed each user has an access to the domain based on the privilege given by the server. However, an attacker always has the opportunity to bypass the privilege by exploring and exploiting every vulnerability and threat found in the cloud computing environment. A systematic approach to identify vulnerabilities and threats is thus very important to ensure only authorized party is allowed to access the data. In this study, several approaches of vulnerability and threat modeling are reviewed and found that none of them is suitable for the cloud computing environment. Therefore, authors presented a dynamic model of identifying vulnerabilities and threats in the cloud computing environment. The proposed model enables the organization to systematically identify vulnerability and threats and analyze the security risk when they use cloud computing services.

show abstract

“…In [7], a risk assessment approach from the perspective of a cloud user is presented to analyze the data security risks before putting his confidential data into a cloud computing environment. This work allows helping cloud computing users to evaluate the risk of their data security.…”

Section: Risk Analysis Model For Cloud Computing Systemmentioning

confidence: 99%

“…In this section, we propose a new cyber security metric, extension of the mean failure cost (MFC) metric, based on threats classification and especially on our proposed threat classification model [7]. We illustrate, then, this infrastructure by means of a cloud computing application.…”

Section: The Mfc Extension (Mfce) Modelmentioning

confidence: 99%

“…We applied our hybrid threat classification presented in previous work [7] on this case study to generate threat classes. In fact, we proposed in earlier work, [7] a dynamic and multidimensional threat classification model that allows better defining and articulating of threat characteristics. The model contains the following criteria:…”

Section: The Impact Threats Classes Matrixmentioning

confidence: 99%

See 1 more Smart Citation

Mean Failure Cost Extension Model towards Security Threats Assessment: A Cloud Computing Case Study

Jouini¹,

Rabai²

2015

JCP

Self Cite

View full text Add to dashboard Cite

Abstract:The development of information technology leads to several kind of security threats which can cause different damages like financial losses. Security threat breaches affect specially the confidentiality, the integrity and the availability of a system. Indeed, as the environment continues to become more dynamic the process of making good security decisions is becoming more and more challenging. Hence, managers have to adopt successful policies and practices to prevent security breaches. They need to evaluate or assess security threats breaches. The main contributions of this paper is a new a quantitative analysis of information systems based threat classification approach. The proposed approach used threat classification to assess and evaluate threat impacts to develop strategies to mitigate the effects of threats classes on the system. The idea is to consider an average presence of threats in a class of threats in order to achieve a certain stability of this class in time. Then, we propose an approach that estimates the security of information systems.

show abstract

Classification of Security Threats in Information Systems

Cited by 206 publications

References 8 publications

Managing Security and Compliance Risks of Outsourced IT Projects

Managing Security and Compliance Risks of Outsourced IT Projects

Threat Modeling Approaches for Securing Cloud Computin

Mean Failure Cost Extension Model towards Security Threats Assessment: A Cloud Computing Case Study

Contact Info

Product

Resources

About