Citation Export
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Park, Sihn Hye | - |
| dc.contributor.author | Lee, Seok Won | - |
| dc.date.issued | 2022-01-01 | - |
| dc.identifier.uri | https://aurora.ajou.ac.kr/handle/2018.oak/36833 | - |
| dc.identifier.uri | https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85142265119&origin=inward | - |
| dc.description.abstract | Cybersecurity attacks, which have many business impacts, continuously become more intelligent and complex. These attacks take the form of a combination of various attack elements. APT attacks reflect this characteristic well. To defend against APT attacks, organizations should sufficiently understand these attacks based on the attack elements and their relations and actively defend against these attacks in multiple dimensions. Most organizations perform risk management to manage their information security. Generally, they use the information system risk assessment (ISRA). However, the method has difficulties supporting sufficiently analyzing security risks and actively responding to these attacks due to the limitations of asset-driven qualitative evaluation activities. In this paper, we propose a threat-driven risk assessment method. This method can evaluate how dangerous APT attacks are for an organization, analyze security risks from multiple perspectives, and support establishing an adaptive security strategy. | - |
| dc.description.sponsorship | This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NKF), funded by the Ministry of Science and ICT (NRF-2020R1F1A1075605), and the BK21 FOUR program of the National Research Foundation of Korea, funded by the Ministry of Education (NRF5199991014091). | - |
| dc.language.iso | eng | - |
| dc.publisher | IEEE Computer Society | - |
| dc.subject.mesh | Advanced persistent threat | - |
| dc.subject.mesh | Asset identification | - |
| dc.subject.mesh | Business Process | - |
| dc.subject.mesh | Business process-based asset identification | - |
| dc.subject.mesh | Domain ontologies | - |
| dc.subject.mesh | Evidence-based | - |
| dc.subject.mesh | Evidence-based risk evaluation | - |
| dc.subject.mesh | Problem domain | - |
| dc.subject.mesh | Process-based | - |
| dc.subject.mesh | Risk aware | - |
| dc.subject.mesh | Risk evaluation | - |
| dc.subject.mesh | Risk-aware problem domain ontology | - |
| dc.subject.mesh | Risks assessments | - |
| dc.subject.mesh | Threat-driven risk assessment | - |
| dc.title | Threat-driven Risk Assessment for APT Attacks using Risk-Aware Problem Domain Ontology | - |
| dc.type | Conference | - |
| dc.citation.conferenceDate | 2022.8.15. ~ 2022.8.19. | - |
| dc.citation.conferenceName | 30th IEEE International Requirements Engineering Conference Workshops, REW 2022 | - |
| dc.citation.edition | Proceedings - 30th IEEE International Requirements Engineering Conference Workshops, REW 2022 | - |
| dc.citation.endPage | 231 | - |
| dc.citation.startPage | 226 | - |
| dc.citation.title | Proceedings of the IEEE International Conference on Requirements Engineering | - |
| dc.identifier.bibliographicCitation | Proceedings of the IEEE International Conference on Requirements Engineering, pp.226-231 | - |
| dc.identifier.doi | 10.1109/rew56159.2022.00050 | - |
| dc.identifier.scopusid | 2-s2.0-85142265119 | - |
| dc.subject.keyword | advanced persistent threat | - |
| dc.subject.keyword | business process-based asset identification | - |
| dc.subject.keyword | evidence-based risk evaluation | - |
| dc.subject.keyword | risk-aware problem domain ontology | - |
| dc.subject.keyword | threat-driven risk assessment | - |
| dc.type.other | Conference Paper | - |
| dc.description.isoa | false | - |
| dc.subject.subarea | Computer Science (all) | - |
| dc.subject.subarea | Engineering (all) | - |
| dc.subject.subarea | Strategy and Management | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
