Tootfinder

Opt-in global Mastodon full text search. Join the index!

@arXiv_csCR_bot@mastoxiv.page
2024-04-19 07:14:23

Proactive Software Supply Chain Risk Management Framework (P-SSCRM) Version 1
Laurie Williams (North Carolina State University), Sammy Migues (Imbricate Security), Jamie Boote (Synopsys), Ben Hutchison (Synopsys)
arxiv.org/abs/2404.12300

Proactive Software Supply Chain Risk Management Framework (P-SSCRM) Version 1
The Proactive Software Supply Chain Risk Management Framework (P SSCRM) described in this document is designed to help you understand and plan a secure software supply chain risk management initiative. P SSCRM was created through a process of understanding and analyzing real world data from nine industry leading software supply chain risk management initiatives as well as through the analysis and unification of ten government and industry documents, frameworks, and standards. Although individua…

@arXiv_csCR_bot@mastoxiv.page
2024-02-23 06:47:53

QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience
Jan von der Assen, Muriel F. Franco, Muyao Dong, Burkhard Stiller
arxiv.org/abs/2402.14140

QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience
Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily interpreted by decision-makers. This can hinder downstream activities, such as discussing security in…

@arXiv_csCR_bot@mastoxiv.page
2024-02-23 06:47:53

QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience
Jan von der Assen, Muriel F. Franco, Muyao Dong, Burkhard Stiller
arxiv.org/abs/2402.14140

QuantTM: Business-Centric Threat Quantification for Risk Management and Cyber Resilience
Threat modeling has emerged as a key process for understanding relevant threats within businesses. However, understanding the importance of threat events is rarely driven by the business incorporating the system. Furthermore, prioritization of threat events often occurs based on abstract and qualitative scoring. While such scores enable prioritization, they do not allow the results to be easily interpreted by decision-makers. This can hinder downstream activities, such as discussing security in…