Security risk visualization with semantic risk model

Outi-Marja Latvala; Jyri Toivonen; Antti Evesti; Markus Sihvonen; Vesa Jordan

doi:10.1016/j.procs.2016.04.247

Security risk visualization with semantic risk model

Outi-Marja Latvala (Corresponding Author), Jyri Toivonen, Antti Evesti, Markus Sihvonen, Vesa Jordan

Research output: Contribution to journal › Article › Scientific › peer-review

3 Citations (Scopus)

Abstract

Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.

Original language	English
Pages (from-to)	1194-1199
Journal	Procedia Computer Science
Volume	83
DOIs	https://doi.org/10.1016/j.procs.2016.04.247
Publication status	Published - 2016
MoE publication type	A1 Journal article-refereed
Event	7th International Conference on Ambient Systems, Networks and Technologies, ANT 2016 - Madrid, Spain Duration: 23 May 2016 → 26 May 2016

Keywords

security metric
visualization
risk management

Access to Document

10.1016/j.procs.2016.04.247

Fingerprint Dive into the research topics of 'Security risk visualization with semantic risk model'. Together they form a unique fingerprint.

Projects

1 Finished

SENDATE-PLANETS: Secure Networking for a Data Center Cloud in Europe

Savolainen, P., Savola, R., Vähä-Heikkilä, T. & Honka, H.

1/04/16 → 30/04/19

Project: Research

Cite this

Latvala, O-M., Toivonen, J., Evesti, A., Sihvonen, M., & Jordan, V. (2016). Security risk visualization with semantic risk model. Procedia Computer Science, 83, 1194-1199. https://doi.org/10.1016/j.procs.2016.04.247

@article{7851467680fc4a038e0ef7d6fb2e2e69,

title = "Security risk visualization with semantic risk model",

abstract = "Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.",

keywords = "security metric, visualization, risk management",

author = "Outi-Marja Latvala and Jyri Toivonen and Antti Evesti and Markus Sihvonen and Vesa Jordan",

year = "2016",

doi = "10.1016/j.procs.2016.04.247",

language = "English",

volume = "83",

pages = "1194--1199",

journal = "Procedia Computer Science",

issn = "1877-0509",

publisher = "Elsevier",

note = "7th International Conference on Ambient Systems, Networks and Technologies, ANT 2016, ANT 2016 ; Conference date: 23-05-2016 Through 26-05-2016",

}

TY - JOUR

T1 - Security risk visualization with semantic risk model

AU - Latvala, Outi-Marja

AU - Toivonen, Jyri

AU - Evesti, Antti

AU - Sihvonen, Markus

AU - Jordan, Vesa

PY - 2016

Y1 - 2016

N2 - Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.

AB - Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.

KW - security metric

KW - visualization

KW - risk management

U2 - 10.1016/j.procs.2016.04.247

DO - 10.1016/j.procs.2016.04.247

M3 - Article

VL - 83

SP - 1194

EP - 1199

JO - Procedia Computer Science

JF - Procedia Computer Science

SN - 1877-0509

T2 - 7th International Conference on Ambient Systems, Networks and Technologies, ANT 2016

Y2 - 23 May 2016 through 26 May 2016

ER -