Security Oriented Malicious Activity Diagrams to Support Information Systems Security

Mwambe, Othmar Othmar; Echizen, Isao

doi:10.1109/waina.2017.51

Cited by 5 publications

(5 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Activity diagram dapat digunakan untuk menggambarkan bisnis dan operasional langkah demi langkah alur kerja komponen dalam sistem. Sebuah activity diagram dapat menunjukkan aliran kontrol keseluruhan [16]. Gambar 3 merupakan rangkaian aliran aktivitas dimulai ketika user membuka atau memulai menjalankan aplikasi, setelah itu sistem menampilkan halaman login.…”

Section: Activity Diagramunclassified

Rancang Bangun Aplikasi Smart Touring Berbasis Android

Rahardi

Aminuddin

2021

matrik

View full text Add to dashboard Cite

Perkembangan teknologi saat ini begitu cepat. Teknologi membuat perubahan pada peradaban manusia. Telah banyak kegiatan manusia yang didukung oleh kemajuan teknologi. Tak terkecuali kegiatan touring yang dilakukan bersama-sama. Touring adalah kegiatan berkendara dari suatu tempat ke tempat lain secara bersama-sama. Saat ini komunitas touring terus meningkat, namun masih memiliki beberapa permasalahan saat melakukan aktifitasnya. Saat ini salah satu permasalahan yang ada pada aktifitas touring adalah pengendara satu dengan yang lainnya tidak bisa mengetahui lokasi semua teman touring mereka. Oleh karena itu sangat dimungkinkan ada anggota touring mereka yang tertinggal jauh atau salah jalur. Dengan teknologi smartphone yang sangat pesat, dimungkinkan dibangun sebuah sistem yang dapat mendukung kegiatan touring tersebut. Pada penelitian ini telah berhasil dibangun sistem yang dapat mendukung kelancaran aktifitas touring. Fokus penelitian ini adalah membangun sistem touring yang dapat mendeteksi keberadaan semua member touring ketika sedang melakukan kegiatan touring. Sistem yang dibangun adalah berbasis contextual awareness, yaitu sistem yang mampu memberikan informasi kepada pengguna dengan data yang didapat dari lingkungannya. Dalam hal ini adalah memberikan informasi ketika ada member touring yang berjauhan dengan member touring lainnya.

show abstract

Section: Activity Diagramunclassified

Rancang Bangun Aplikasi Smart Touring Berbasis Android

Rahardi

Aminuddin

2021

matrik

View full text Add to dashboard Cite

show abstract

“…The cost of threats removal or reducing threats late will be very high. It is a well-known fact that prevention is always better than cure [15].…”

Section: A Threatmentioning

confidence: 99%

“…This will guide the organization to be more concerned about the most critical assets as a priority. Assets are exposed to various threats [15].…”

Section: B Assetmentioning

confidence: 99%

“…Vulnerability is defined as a weakness that is either accidentally or intentionally triggered. The weakness in the security or controls of asset may be exploited by threats [9], [15] Vulnerabilities usually is a technical issue, but sometimes the incidents were caused by human, for example, the employee uses weak password which is vulnerable to attack from an outsider. Sometimes, without notice or awareness, someone will download software, not knowing that it contains malicious code.…”

Section: Vulnerabilitymentioning

confidence: 99%

“…Risk is defined as an uncertainty that could affect one or more objectives [15], [16]. For a risk to be present in the system, a threat must exploit a vulnerability through any potential action and cause assets damage or loss [10].…”

Section: Riskmentioning

confidence: 99%

See 2 more Smart Citations

Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft

Hamit¹,

Sarkan²,

Azmi³

et al. 2020

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

The concern raised in late 2017 regarding 46.2 million mobile device subscriber's data breach had the Malaysian police started an investigation looking for the source of the leak. Data security is very important to protect the assets or information by providing its confidentiality, integrity, and availability not only in the telecommunication industry but also in other sectors. This paper attempts to protect the data of a patient-based clinical system by producing a risk treatment plan for its software products. The existing system is vulnerable to information theft, insecure databases, poor audit login, and password management. The information security risk assessment consisting of identifying risks, analyzing, and evaluating them were conducted before a risk assessment report is written down. A risk management framework was applied to the software development unit of the organization to countermeasure these risks. ISO/IEC 27005:2011 standard was used as the basis for the information security risk management framework. The controls from Annex A of ISO/IEC 27001:2013 were used to reduce the risks. Thirty risks have been identified, and seven high-level risks for the product have been recognized. A risk treatment plan focusing on the risks and controls has been developed for the system to reduce these risks to secure the patient's data. This will eventually enhance the information security in the software development unit and, at the same time, increase awareness among the team members concerning risks and the means to handle them.

show abstract

A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization

2023

View full text Add to dashboard Cite

Software products are increasingly used in critical infrastructures, and verifying the security of these products has become a necessary part of every software development project. Effective and practical methods and processes are needed by software vendors and infrastructure operators to meet the existing extensive demand for security. This article describes a lightweight security risk assessment method that flags security issues as early as possible in the software project, namely during requirements analysis. The method requires minimal training effort, adds low overhead, and makes it possible to show immediate results to affected stakeholders. We present a longitudinal case study of how a large enterprise developing complex telecom products adopted this method all the way from pilot studies to full-scale regular use. Lessons learned from the case study provide knowledge about the impact that upskilling and training of requirements engineers have on reducing the risk of malfunctions or security vulnerabilities in situations where it is not possible to have security experts go through all requirements. The case study highlights the challenges of process changes in large organizations as well as the pros and cons of having centralized, distributed, or semi-distributed workforce for security assurance in requirements engineering.

show abstract

Security Oriented Malicious Activity Diagrams to Support Information Systems Security

Cited by 5 publications

References 3 publications

Rancang Bangun Aplikasi Smart Touring Berbasis Android

Rancang Bangun Aplikasi Smart Touring Berbasis Android

Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft

A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization

Contact Info

Product

Resources

About