113,898 Hits in 5.6 sec

Resolving threats to the therapeutic alliance in cognitive analytic therapy of borderline personality disorder: A task analysis

Dawn Bennett, Glenys Parry, Anthony Ryle
2006 Psychology and Psychotherapy: Theory, Research and Practice  
Task analysis (Greenberg, 1984a) of 107 enactments from 66 sessions in four good outcome cases, compared with 35 enactments from 16 sessions in two poor outcome cases.  ...  This systematically compares a rational model of process with empirically coded transcripts of therapy sessions where independent raters have identified an alliance threat event. Results.  ...  experience in task analysis methodology during the provisional stages; and Dr Paul Jackson and Brian Hockley for statistical assistance.  ... 
doi:10.1348/147608305x58355 pmid:16945199 fatcat:7nsce3vhhbdbfnqc7rgiendhpq

Towards a security‐driven automotive development lifecycle

Jürgen Dobaj, Georg Macher, Damjan Ekert, Andreas Riel, Richard Messnarz
2021 Journal of Software: Evolution and Process  
Cybersecurity has become one of the most crucial challenges in the automotive development lifecycle.  ...  The upcoming ISO/SAE 21434 standard provides only a generic framework that is insufficient to derive concrete design methods. This article  ...  As described in the previous paragraph, security properties can be utilized to derive a secure HW/SW architectural design in a structured and systematic manner using design patterns.  ... 
doi:10.1002/smr.2407 fatcat:hmjmqxgmwrcyzdzbbxi7gemvma

Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study

Jürgen Dobaj, Damjan Ekert, Jakub Stolfa, Svatopluk Stolfa, Georg Macher, Richard Messnarz
2021 Journal of universal computer science (Online)  
This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap.  ...  At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level.  ...  In addition, threat models facilitate the systematic (and automated) derivation of potential threats associated with each element in the model.  ... 
doi:10.3897/jucs.72367 fatcat:tcttsvjj3fbi3lkpozey2pud34

Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

Clemens Sauerwein, Christian Sillaber, Andrea Mussmann, Ruth Breu
2017 Wissensbasierte Systeme  
Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them.  ...  In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order  ...  Multivocal Literature Review Secondly, we conducted a multivocal literature review (MLR) to identify relevant threat intelligence sharing platforms used in research and practice through a systematic analysis  ... 
dblp:conf/wi/SauerweinSMB17 fatcat:o4s27xl3crhozdxb67zh3zsmuq

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Jingjing Hao, Guangsheng Han
2020 Future Internet  
A number of fundamental aspects are defined to compare the presented methods in order to comprehend the automotive security modeling in depth.  ...  Security models can be utilized as tools to rationalize the security of the automotive system and represent it in a structured manner.  ...  It outlined a modeling framework to analyze threats, assess risks and estimate security levels. In the end, security requirements and security measures can be derived.  ... 
doi:10.3390/fi12110198 fatcat:qzunmwdn2jduxojck4ogwnq2su

Potentials for the Integration of Design Thinking along Automotive Systems Engineering Focusing Security and Safety

Julian Tekaat, Aschot Kharatyan, Harald Anacker, Roman Dumitrescu
2019 Proceedings of the International Conference on Engineering Design  
The resulting potentials are derived based upon a practical example.  ...  Based on this combination, we derive potentials in the context of the consideration of security and safety.  ...  The derivation of or exemplary threat by deriving requirements from the use case's functions is displayed in figure 5 .  ... 
doi:10.1017/dsi.2019.295 fatcat:wjqiekqapfectplyma6jwolexy

Cybersecurity Framework for IIoT-Based Power System Connected to Microgrid

2020 KSII Transactions on Internet and Information Systems  
In this study, we proposed a cybersecurity framework that reflects the characteristics of a microgrid network in the IIoT environment, and performed an analysis to validate the proposed framework.  ...  He has been working for Korea Power Exchange since 2003 and is in charge of critical infrastructure security.  ...  The lack of security analysis for each communication section may result in diverse security threats.  ... 
doi:10.3837/tiis.2020.05.020 fatcat:kdtovlsopbeg5kjqgpsbn52dji

A Holistic Approach to Attack Modeling and Analysis

Tong Li, Jennifer Horkoff, Kristian Beckers, Elda Paja, John Mylopoulos
2015 International i* Workshop  
A comprehensive attack pattern repository (CAPEC) is seamlessly integrated into our approach in order to provide analysts with practical security knowledge and assist them in identifying potential attacks  ...  In this paper, we present ongoing research on the development of a holistic attack analysis technique.  ...  We base our approach on a three-layer requirements framework [8] in order to consider threats from various system viewpoints and provide a holistic security analysis.  ... 
dblp:conf/istar/LiHBPM15 fatcat:vqf2rm4v4vh3vbu7345fchw6qq


2019 Issues in Information Systems  
There is further investigation needed to ensure agility as secure development practices are adopted and in regard to empirical evaluations of the proposed agile and secure software development integration  ...  Given the widespread adoption of agile methods and the rising number of software vulnerabilities, we analyze the literature with an interest in the effect of security practices on software development  ...  Threat Modeling In a systematic literature review on web application development security, Shuaibu, Norwawi, Selamat, and Al-Alwani (2015) note that Threat Modeling is the highest frequency security  ... 
doi:10.48009/1_iis_2019_144-156 fatcat:lgdsneoqpze5rbdji6inzrbcqy

Effective Security Requirements Analysis: HAZOP and Use Cases [chapter]

Thitima Srivatanakul, John A. Clark, Fiona Polack
2004 Lecture Notes in Computer Science  
This paper takes one such technique, HAZOP, and applies it to one widely used functional requirement elicitation component, UML use cases, in order to provide systematic analysis of potential security  ...  Use cases are widely used for functional requirements elicitation. However, security non-functional requirements are often neglected in this requirements analysis process.  ...  HAZOP helps the derivation of security requirements and policy. The analysis process is an effective means of teasing out security requirements.  ... 
doi:10.1007/978-3-540-30144-8_35 fatcat:v4d5xlwp6ffw3pjvimthrprjo4

RiskFlows - Continuous Risk-driven Workflows and Decision Support in Information Security Management Systems

Michael Brunner
2016 International Conference on Advanced Information Systems Engineering  
In our PhD thesis we will develop a continuous risk-driven approach to model and enact workflows in ISMS where security risks and derived controls are managed in a collaborative fashion.  ...  Information Security Risk Management (ISRM) techniques are incorporated to deal with threats and vulnerabilities that impose risks to information security properties of these assets.  ...  The coupling between security requirements, security controls and risk management generated different solutions to model risk and derive security controls as means of risk mitigation.  ... 
dblp:conf/caise/Brunner16 fatcat:2j55nbwqerbglbipp5dp6vqaq4

Security Testing for Naval Ship Combat System Software

Cheol-Gyu Yi, Young-Gab Kim
2021 IEEE Access  
Failure to systematically and comprehensively review the specific security requirements in software analysis and design results in developing a system vulnerable to cybersecurity threats.  ...  requirement analysis in the software requirement analysis & definition phase, and reflect the previously defined security requirements in the design phases.  ... 
doi:10.1109/access.2021.3076918 fatcat:esu3lk4rb5dwfa5eerbox2rpae

Security attack analysis using attack patterns

Tong Li, Elda Paja, John Mylopoulos, Jennifer Horkoff, Kristian Beckers
2016 2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)  
Discovering potential attacks on a system is an essential step in engineering secure systems, as the identified attacks will determine essential security requirements.  ...  the physical infrastructure, requiring a large amount of security knowledge which is difficult to acquire.  ...  and further derive security requirements [10] .  ... 
doi:10.1109/rcis.2016.7549303 dblp:conf/rcis/LiPMHB16 fatcat:rl3uzvota5hebkckdm7rdajada

Identification of Basic Measurable Security Components in Software-Intensive Systems

Reijo Savola
2009 Information Security for South Africa  
Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach.  ...  Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems.  ...  SECURITY CRITICAL REQUIREMENTS Security requirements derive from threats, policies and environment properties. Security requirements that are derived from threats are actually countermeasures.  ... 
dblp:conf/issa/Savola09 fatcat:x5eg5uetf5dythfjjobvy6hwde

A Systematic Risk Assessment Framework of Automotive Cybersecurity

Yunpeng Wang, Yinghui Wang, Hongmao Qin, Haojie Ji, Yanan Zhang, Jian Wang
2021 Automotive Innovation  
The proposed assessment framework helps to systematically derive automotive cybersecurity requirements.  ...  It consists of an assessment process and systematic assessment methods considering the changes of threat environment, evaluation target, and available information in vehicle lifecycle.  ...  However, the attack tree method in EVITA required highly specialized evaluators, and the threat analysis using the STRIDE model lacked depth and details.  ... 
doi:10.1007/s42154-021-00140-6 fatcat:lswavqajcreqpm3p23qw5qnxda
« Previous Showing results 1 — 15 out of 113,898 results