Bridging the gap between business and technology in strategic decision-making for cyber security management
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. (Software Systems Architecture & Security) ORCID iD: 0000-0003-1464-6163
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. (Lagerström) ORCID iD: 0000-0003-3089-3885
KTH, School of Electrical Engineering (EES), Electric Power Engineering. (Software systems architecture and security) ORCID iD: 0000-0001-7386-7471
2016 (English). In: Proceedings of 2016 Portland International Conference on Management of Engineering and Technology, 2016, p. 32-42. Conference paper, Published paper (Refereed)
Abstract [en]

System architectures are getting more and more complex. Thus, making strategic decisions when it comes to managing systems is difficult and needs proper support. One arising issue that managers need to take into account when changing their technology is security. No business is spared from threats in today's connected society. The repercussions of not paying this enough attention could result in loss of money and in case of cyber physical systems, also human lives. Thus, system security has become a high-level management issue. There are various methods of assessing system security. A common method that allows partial automation is attack graph based security analysis. This particular method has many variations and wide tool support. However, a complex technical analysis like the attack graph based one needs experts to run it and interpret the results. In this paper we study what kind of strategic decisions that need the support of threat analysis and how to improve an attack graph based architecture threat assessment method to fit this task. The needs are gathered from experts working with security management and the approach is inspired by an enterprise architecture language called ArchiMate. The paper contains a working example. The proposed approach aims to bridge the gap between technical analysis and business analysis making system architectures easier to manage.

Place, publisher, year, edition, pages
2016. p. 32-42
National subject category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-196923
DOI: 10.1109/PICMET.2016.7806663
ISI: 000403104500004
Scopus ID: 2-s2.0-85016211936
ISBN: 9781509035953 (print)
OAI: oai:DiVA.org:kth-196923
DiVA, id: diva2:1049839
Conference
2016 Portland International Conference on Management of Engineering and Technology, PICMET 2016; Honolulu; United States; 4 September 2016 through 8 September 2016
Note

QC 20170609

Available from: 2016-11-25. Created: 2016-11-25. Last updated: 2024-03-15. Bibliographically reviewed

Open Access in DiVA

No full text in DiVA


Persons

Välja, Margus; Lagerström, Robert; Korman, Matus; Franke, Ulrik
