The overall objective of the project is to strengthen European organizations’ ability to conduct security assessments of large-scale networked systems by combining security risk assessment and security testing, taking into account the context in which the system is used, such as liability, legal and organizational issues as well as technical issues. To fulfill this objective, the RASEN project will develop an approach that supports:
Compositional security assessment: How the security assessment can be broken down into smaller parts and systematically composed to obtain the global assessment;
Risk-based security testing: How to derive security test cases from security risk assessment results;
Test-based security risk assessment: How to verify and update the security risk assessment based on security test results;
Legal security risk assessment: How to assess and understand compliance with legal norms related to information security;
Continuous security assessment: How to reuse results from previous security assessments and to rapidly update the security risk assessment based on passive testing (also called monitoring).
EVRY, Fraunhofer FOKUS, Info World, SINTEF, Smartesting, Software AG, University of Oslo
Core Topics of Software AG:
Software AG will provide use cases from the IT industry domain. As a technology provider, Software AG will, based on the ARIS risk assessment tool, contribute to the work on the tools/techniques for compositional risk assessment.
Project duration: October 2012 - September 2015