A modeling approach to cyber threat mitigation

Andrei Chiș, Oliviu Ionuț Stoica and Ana-Maria Ghiran

Over the past decade, the security issues that are threatening IT systems worldwide gained increased attention. This was due to several factors and affected both enterprises and individuals. In case of enterprises, there is a popular trend among companies to give up on-premises solutions in favor of using cloud services. For both enterprises and individuals, another influential and decisive factor is the imposed legislation (ADPPA in U.S. or GDPR in EU) with respect to data privacy. Given these circumstances, more people/stakeholders should be involved in devising the security of IT systems who should be acquainted with “secure by design” principles. Given that not many of them are specialists in cyber security a solution that would help them in this matter is needed. This paper presents an approach to mitigate the cyber security threats at design phase of a system. Moreover, it can also be used in auditing an existing system. The main idea is to leverage knowledge that is expressed as diagrammatic models (e.g., dataflow diagrams or threat models created with a domain specific modeling language), which can be understood by all stakeholders of a system, both technical and non-technical.

Links

Cite as

Andrei Chiș, Oliviu Ionuț Stoica, Ana-Maria Ghiran: A modeling approach to cyber threat mitigation. In: BIR-WS 2024: BIR 2024 Workshops and Doctoral Consortium, 23rd International Conference on Perspectives in Business Informatics Research (BIR 2024), 2024.

BibTeX (Download)

@inproceedings{nokey,
title = {A modeling approach to cyber threat mitigation},
author = {Andrei Chiș, Oliviu Ionuț Stoica and Ana-Maria Ghiran},
url = {https://ceur-ws.org/Vol-3804/paper4o.pdf},
year  = {2024},
date = {2024-09-11},
booktitle = {BIR-WS 2024: BIR 2024 Workshops and Doctoral Consortium, 23rd International Conference on Perspectives in Business Informatics Research (BIR 2024)},
abstract = {Over the past decade, the security issues that are threatening IT systems worldwide gained increased attention. This was due to several factors and affected both enterprises and individuals. In case of enterprises, there is a popular trend among companies to give up on-premises solutions in favor of using cloud services. For both enterprises and individuals, another influential and decisive factor is the imposed legislation (ADPPA in U.S. or GDPR in EU) with respect to data privacy. Given these circumstances, more people/stakeholders should be involved in devising the security of IT systems who should be acquainted with “secure by design” principles. Given that not many of them are specialists in cyber security a solution that would help them in this matter is needed. This paper presents an approach to mitigate the cyber security threats at design phase of a system. Moreover, it can also be used in auditing an existing system. The main idea is to leverage knowledge that is expressed as diagrammatic models (e.g., dataflow diagrams or threat models created with a domain specific modeling language), which can be understood by all stakeholders of a system, both technical and non-technical.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}