Recent Posts
-
CRSTIP Web Tool
Our questionnaire has been developed in the RASEN research project and allows to assess the maturity of your organization’s security assessment processes. We will aggregate your answers into a statistic which shows where your organization stands when compared with the baseline of the registered replies. The whole process takes around 10 minutes and the results […]
March 18, 2015 / rasen_adm / Comments Off
Read More » -
3rd International Workshop on Risk Assessment and Risk-Driven Testing (RISK) – Call for papers
The RASEN project is involved in the organization of the RISK 2015 work shop. The deadline for submitting a paper is 5th April 2015. The third international workshop on Risk Assessment and Risk-driven Testing (RISK) addresses systematic approaches that combine risk assessment and testing. We are interested in innovative techniques, tools and methods from industry or […]
March 11, 2015 / rasen_adm / Comments Off
Read More » -
RASEN Supports Standardization at the European Telecommunication Standards Institute
Within the RASEN project, we are aiming to develop methods, techniques and tools for risk-based security testing of large-scale networked systems. To accomplish the technical work and to boost the industrial applicability we have decided to make intensive use of standards covering the area security risk assessment and testing. Thus, the RASEN methodologies and the […]
March 3, 2015 / rasen_adm / Comments Off
Read More » -
Using Common Attack Pattern Enumeration (CAPEC) for Cyber Security Risk Assessment
CAPEC is a comprehensive dictionary and classification taxonomy of known security attacks developed by MITRE. The goal is to advance community understanding and defensive capabilities related to cyber security. RASEN has developed an approach for automatically generating a risk model from the CAPEC dictionary. This risk model can be used as a starting point for […]
February 24, 2015 / rasen_adm / Comments Off
Read More » -
RASEN General Assembly in Oslo
The next general assembly for the RASEN project will be hosted by SINTEF on February 4th and 5th in Oslo. The main topics of discussion will include upcoming technical work as well as preparing the second deployment of the RASEN methodology and tooling within the three industrial use cases. If you want to know more, […]
February 3, 2015 / rasen_adm / Comments Off
Read More » -
Three innovations from the RASEN Project
After two years of work on the RASEN project we outline the three most important achievements of our project. The scope of this article is to briefly introduce them and to provide information regarding related materials that are available on our website. RASEN tool-based methodology for risk based security testing and legal compliance The first RASEN […]
January 14, 2015 / rasen_adm / Comments Off
Read More » -
CORAS Tool v1.4 Released
The CORAS tool is an open-source diagram editor that accompanies the CORAS method for risk-analysis. As an important piece in the RASEN methodology, all three of our use cases employ CORAS tooling. The latest version of the tool is 1.4 and comes with the following improvements: Speed optimization – performance is no longer suffers significantly […]
January 5, 2015 / rasen_adm / Comments Off
Read More » -
Risk-Based Security Testing Primer
The goal of risk-based security testing is to improve the security testing process in order to cover especially risky areas of the application under test and at the same time minimize the time to market and to improve the use of resources by focusing testing work on areas with the highest risks. As such, risk-based […]
December 19, 2014 / rasen_adm / Comments Off
Read More » -
Component-oriented Pattern-driven Security Testing with RACOMAT
Our RACOMAT tool combines component based, low level risk assessment with security testing. RACOMAT facilitates undertaking risk analyses for component-based testing and produces reusable risk assessment artifacts in well-known formats. Furthermore RACOMAT is integrated with external data bases such as the MITRE CAPEC and the MITRE CWE. As main functionalities, our tool allows for semi-automated […]
December 5, 2014 / rasen_adm / Comments Off
Read More » -
The RASEN tool-supported method for risk-based security testing and compliance assessment
The RASEN method is focused on: Risk-based compliance assessment Test-based security risk assessment Risk-based security testing Conforming to the ISO/IEC 3100 standard, it integrates risk and compliance assessment together with security testing and is applicable to different levels of abstraction: Legal risk and compliance assessment, Security risk assessment, and Security testing The proposed risk-based […]
November 5, 2014 / rasen_adm / Comments Off
Read More »