SECURWARE 2024, The Eighteenth International Conference on Emerging Security Information, Systems and Technologies
Riskpool – A Security Risk Management Methodology
Authors:
Martin Ring
Paul Duplys
Sven Köhler
Keywords: security; risk management; cyber security.
Abstract:
Risk management is widely defined as a process during product development. As an example, the ISO 31000 family of standards defines risk management as coordinated activities to direct and control an organization with regard to risk. While necessary, process-related aspects cover only one part of a risk management system, since processes usually specify that something must be done, but not how to do it. In this paper, we propose a new methodology for implementing risk management in commercial software engineering over the complete product lifetime. We illustrate our method by showing how it can be applied to address cyber security risks. We argue that our method has significant advantages over classical risk management techniques, especially in domains like cyber security where new regulations and laws are being introduced.
Pages: 43 to 46
Copyright: Copyright (c) IARIA, 2024
Publication date: November 3, 2024
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-68558-206-7
Location: Nice, France
Dates: from November 3, 2024 to November 7, 2024