Abstract
Technology has become increasingly adopted by businesses for achieving overall objectives. Systems within these technologies generate a huge amount of data. It is necessary to identify the data and undertake appropriate controls to protect the data from any potential threats. Data, in general, is different types, such as operational and business which have different costs and impact on the overall business continuity. Threat analysis needs to consider various data types and associated weaknesses related to an organisational context’s systems and applications. There are numerous threat models available, but there is a lack of focus on analysing and prioritizing threats relating to the data. This paper presents a data-driven approach for threat analysis and a conceptual model. The model includes several concepts, i.e., actor, infrastructure, data and weakness, to analyse the data and threats from three phases management, control and business. Finally, a running example is used to demonstrate the applicability of the work.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Casola, V., De Benedictis, A., Rak, M., Villano, U.: Toward the automation of threat modeling and risk assessment in IoT systems. Internet Things 7 (2019)
Tanyi, F.: Attack modeling and risk assessments in software defined networking (SDN) (2019)
Pell, R., Moschoyiannis, S., Panaousis, E., Heartfield, R.: Towards dynamic threat modelling in 5g core networks based on mitre att&ck a preprint (2021)
Kohnfelder, L., Garg, P.: The threats to our products, Microsoft Interface, Microsoft Corp., vol. 33 (1999)
UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons, Hoboken (2015)
Shevchenko, N.: Threat Modeling: 12 Available Methods (2018). https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html. Accessed 25 Feb 2020
Scarfone, K., Souppaya, M.: Draft NIST Special Publication 800–154 Guide to Data-Centric System Threat Modeling Draft NIST Special Publication 800–154 Guide to Data-Centric System Threat Modeling (2016)
Bharathi, B.B., Babu, E.S.: A novel approach to cyber hazard management intelligence system. Int. J. Eng. Technol. 7, 473–479 (2018)
Bradshaw, S.: Chapter eight: combatting cyber threats: CSIRTS and fostering, Cyber Secur. a Volatile World, p. 105 (2016)
CWE–Common Weakness Enumeration (2022). https://cwe.mitre.org/index.html. Accessed 18 Jan 2022
CWE–CWE-521: Weak Password Requirements (4.6). https://cwe.mitre.org/data/definitions/521.html. Accessed 27 Jan 2022
CAPEC–Common Attack Pattern Enumeration and Classification (CAPECTM) (2022). https://capec.mitre.org/. Accessed 18 Jan 2022
CAPEC–CAPEC-49: Password Brute Forcing (Version 3.6). https://capec.mitre.org/data/definitions/49.html. Accessed 27 Jan 2022
Joint Task Force: National Institute of Standards and Technology Special Publication 800–53, Revision 5 : Security and Privacy Controls for Information Systems and Organizations, NIST Spec. Publ., p. 465 (2020)
Acknowledgment
This work was partially supported by the AI4HEALTHSEC EU project, funded from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 883273.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alwaheidi, M.K.S., Islam, S., Papastergiou, S. (2022). A Conceptual Model for Data-Driven Threat Analysis for Enhancing Cyber Security. In: Daimi, K., Al Sadoon, A. (eds) Proceedings of the ICR’22 International Conference on Innovations in Computing Research. ICR 2022. Advances in Intelligent Systems and Computing, vol 1431. Springer, Cham. https://doi.org/10.1007/978-3-031-14054-9_34
Download citation
DOI: https://doi.org/10.1007/978-3-031-14054-9_34
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14053-2
Online ISBN: 978-3-031-14054-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)