Measuring Vulnerability in Threat Modeling With Risk Matrix

Authors

  • Andrii Hapon Kharkiv National University of Radio Electronics, Ukraine
  • Volodimir Fedorchenko Kharkiv National University of Radio Electronics, Ukraine

DOI:

https://doi.org/10.30837/csitic52021232185

Keywords:

Threat modeling, CVSS, Likelihood, Attack Vector, Metrics

Abstract

Threat modeling is one of the most important parts when it comes to security in development of programing product. The main challenges for that are time and prioritization of the scope of work. Risk matrix is effective tool for making clear what should be done first and which consequences can be. There are few levels of consequences which are ranged by the influence on business. With help of vulnerability assessment threats can be measured by impact on confidentiality, integrity, and availability. The Common Vulnerability Scoring System is appropriate tool for catching the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

References

OWASP [Electronic resource]. – https://owasp.org/www-community/Application_Threat_Modeling

Hubbard, Douglas W.; Seiersen, Richard (2016). How to Measure Anything in Cybersecurity Risk. Wiley. pp.

Science direct [Electronic resource]. –https://www.sciencedirect.com/topics/engineering/consequence-category

Balbix [Electronic resource]. – https://www.balbix.com/ insights/base-cvss-scores/

First [Electronic resource]. – https://www.first.com

Downloads

Published

2021-05-30

Issue

2021: Fifth International Scientific and Technical Conference "COMPUTER AND INFORMATION SYSTEMS AND TECHNOLOGIES"

Section

RELIABILITY AND SAFETY ASSURANCE TECHNOLOGIES FOR COMPUTER AND INFORMATIONAL SYSTEMS