Security risk visualization with semantic risk model

Outi-Marja Latvala (Corresponding Author), Jyri Toivonen, Antti Evesti, Markus Sihvonen, Vesa Jordan

Research output: Contribution to journalArticleScientificpeer-review

2 Citations (Scopus)

Abstract

Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.
Original languageEnglish
Pages (from-to)1194-1199
JournalProcedia Computer Science
Volume83
DOIs
Publication statusPublished - 2016
MoE publication typeA1 Journal article-refereed
Event7th International Conference on Ambient Systems, Networks and Technologies, ANT 2016 - Madrid, Spain
Duration: 23 May 201626 May 2016

Fingerprint

Visualization
Semantics
Risk analysis
Security systems
Systems analysis

Keywords

  • security metric
  • visualization
  • risk management

Cite this

Latvala, Outi-Marja ; Toivonen, Jyri ; Evesti, Antti ; Sihvonen, Markus ; Jordan, Vesa. / Security risk visualization with semantic risk model. In: Procedia Computer Science. 2016 ; Vol. 83. pp. 1194-1199.
@article{7851467680fc4a038e0ef7d6fb2e2e69,
title = "Security risk visualization with semantic risk model",
abstract = "Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.",
keywords = "security metric, visualization, risk management",
author = "Outi-Marja Latvala and Jyri Toivonen and Antti Evesti and Markus Sihvonen and Vesa Jordan",
year = "2016",
doi = "10.1016/j.procs.2016.04.247",
language = "English",
volume = "83",
pages = "1194--1199",
journal = "Procedia Computer Science",
issn = "1877-0509",
publisher = "Elsevier",

}

Latvala, O-M, Toivonen, J, Evesti, A, Sihvonen, M & Jordan, V 2016, 'Security risk visualization with semantic risk model', Procedia Computer Science, vol. 83, pp. 1194-1199. https://doi.org/10.1016/j.procs.2016.04.247

Security risk visualization with semantic risk model. / Latvala, Outi-Marja (Corresponding Author); Toivonen, Jyri; Evesti, Antti; Sihvonen, Markus; Jordan, Vesa.

In: Procedia Computer Science, Vol. 83, 2016, p. 1194-1199.

Research output: Contribution to journalArticleScientificpeer-review

TY - JOUR

T1 - Security risk visualization with semantic risk model

AU - Latvala, Outi-Marja

AU - Toivonen, Jyri

AU - Evesti, Antti

AU - Sihvonen, Markus

AU - Jordan, Vesa

PY - 2016

Y1 - 2016

N2 - Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.

AB - Understanding and analysing security risks is an essential task when designing and maintaining a systems' security. The first risk analysis should be performed during the system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing the huge amount of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring implemented into the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensures that it includes mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.

KW - security metric

KW - visualization

KW - risk management

U2 - 10.1016/j.procs.2016.04.247

DO - 10.1016/j.procs.2016.04.247

M3 - Article

VL - 83

SP - 1194

EP - 1199

JO - Procedia Computer Science

JF - Procedia Computer Science

SN - 1877-0509

ER -

Latvala O-M, Toivonen J, Evesti A, Sihvonen M, Jordan V. Security risk visualization with semantic risk model. Procedia Computer Science. 2016;83:1194-1199. https://doi.org/10.1016/j.procs.2016.04.247

Access to Document

Related content

Projects

Secure Networking for a Data Center Cloud in Europe

Project: Research