ENTERPRISE CYBERSECURITY RISK ASSESSMENT WITH THREAT MODELING: CASE STUDY XYZ INSURANCE COMPANY
Bintang Ramdhani