
Events
Upcoming Events
ASQF Quality Day at Fraunhofer FOKUS
Details: This event will have a talk about systematically combining security risk assessment and testing based on standards. More details about the event are available here.
Date & Location: December 9th, 2015, at Fraunhofer FOKUS (Berlin, Germany)
Public seminar on cyber-risk management
Details: SINTEF organizes a series of public seminars where research results and new technologies are presented and discussed. The seminars are held in Norwegian and attract people from industry, the public sector and academia. The topic of this seminar is cyber-risk management, and it will include presentations from Bjørnar Solhaug and Ketil Stølen, as well as invited speakers. This particular seminar will also serve as a launch of the recently published book Cyber-Risk Management (Springer, 2015).
Date & Location: January 22, 2016, Oslo, Norway
Past Events
Legal Risk Management Conference in Skopje, Macedonia
Time and Place: October 21-22, 2014
Assoc. Prof. Tobias Mahler will be speaking at the Legal Risk Management Conference in Skopje, Macedonia, October 21-22, 2014. The talk will address visualisation based on tool support, which is one of the many areas where lawyers can learn from the advances made in information security risk management.
Enterprise Security Event in Linz, Austria
Time and Place: October 28, 2014
Albert Zenkoff is going to give a presentation at the “IT-Sicherheit am Donaustrand” in Linz on October 28 about enterprise security in the midst of cyber-threats, risks and regulations.
2nd International Workshop on Risk Assessment and Risk-driven Testing (RISK 2014)
Time and Place: November (exact date to be announced), Naples, Italy
Organizer: Fraunhofer FOKUS
The workshop will be part of ISSRE 2014 and will bring together industry and science by providing a platform for discussion, interaction and collaboration. Industrial papers should either describe challenges of system or software testing that could trigger future research activities or present comparable results of applying techniques for risk analysis or risk-based testing. Our project will participate with five papers. Our contributions are detailed on our webpage at http://www.rasenproject.eu/2nd-risk-workshop-at-issre-2014/
Workshop with Fraunhofer SIT and Security Experts on RASEN
Time and Place: Fall 2014 (To be announced), Darmstadt, Germany
Organizer: Albert Zenkoff (Software AG)
Further details will be available at a later date
Risk-based security testing for security-critical systems (Industry Workshop)
Time and Place: December 2014 (To be announced)
Organizer: Dr. Bruno Legeard (Smartesting)
Further details will be available at a later date
German IT Security Congress in Bonn, Germany
Time and Place: May 19-21, 2015
Our colleague Dr. Frank Werner (Software AG) will hold a presentation about security risk assessment of large scale networked systems, the target of our research in RASEN.
6th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2014)
Time and Place: October 2014, Corfu, Greece
Presentations: Prioritization of risk for testing (Dr. Fredrik Seehusen, SINTEF), Risk-based security testing (J. Großmann, J. Viehmann, M. Schneider, Fraunhofer FOKUS), Risk-based security testing from test patterns (Julien Botella, Bruno Legeard and Fabien Peureux, Smartesting)
User Conference on Advanced Automated Testing (UCAAT 2014)
Time and Place: September 16-18 2014, Munich, Germany
Presentations: From Test Legacy to Model-Based Testing – How to refactor an existing test repository into an MBT model? (Bruno Legeard & Arnaud Bouzy), Model-Based Security Testing with Test Patterns (Julien Botella, Jürgen Grossmann, Bruno Legeard, Fabien Peureux, Martin Schneider & Fredrik Seehusen), Compositional risk analysis combined with automated security testing – the RACOMAT tool (Johannes Viehmann) and How to derive high level test procedures from a risk model (Fredrik Seehusen)
Risk and Testing Combined
Time and Place: June 18th, 2014, SINTEF, Oslo, Norway
Organizer: Dr. Ketil Stølen (SINTEF)
CAST Workshop “Developing secure software – experiences, methods and tools”
Time and Place: 15th May 2014, Darmstadt, Germany
Organizer: Albert Zenkoff (Software AG) & Fraunhofer SIT
RISK2013 – 1st International Workshop on Risk Assessment and Risk-driven Testing
November 12, 2013 – Istanbul, Turkey
The continuous rise of software complexity with increased functionality and accessibility of software and electronic components leads to an ever-growing demand for techniques to ensure software quality, dependability and security. The risk that software systems do not meet their intended level of quality can have a severe impact on vendors, customers and even, when it comes to critical systems and infrastructures, our daily life. The precise understanding of risks, as well as the focused treatment of risks, has become one of the cornerstones for critical decisions within complex social and technical environments. Even nowadays software testing is based on risk-driven decisions.
However, classical test approaches address risks implicitly rather than systematically. Systems, functions, or modules that are known to be critical are tested more intensively than others. The basis of this kind of test planning is often a very simple and unstructured risk assessment, which is usually performed during or in preparation for the test process. However, we know that humans are great at planning technical environments and processes, but often fail when it comes to the intuitive estimation of the related risks.
This workshop addresses systematic approaches that combine risk assessment and testing. We are interested in innovative techniques, tools and methods from industry or research that cover systematic risk assessment, whether to obtain risk-optimized test configurations and specifications, to underpin risk analyses by means of experimental data from test results, or to enable domain-specific solutions that address specific kinds of risk (e.g. safety risks, security risks, business risks, legal risks).
RISK2013 Homepage
SASSI13 – Security Assessment for Systems, Services and Infrastructures
September 19 and 20, 2013 at the Technical University (TU) in Berlin
Security failures and data breaches are impacting not only enterprises but also critical infrastructures and public services. In Germany alone, successful attacks on IT systems cause damage of 4.8 million euros a year. At the same time, we are experiencing how rapidly the current IT landscape is changing. Just a few years ago, the Internet was dedicated to interconnecting stationary end user devices. Nowadays, the tendency towards an Internet of things makes the situation more complex. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and are becoming theoretically accessible and thus vulnerable to hacker attacks. However, we are more than ever dependent on a secure and mature ICT infrastructure.
One of the keys to achieving and maintaining such a secure and dependable infrastructure is a mature, systematic and capable security risk analysis and testing program. This workshop will provide a forum to discuss innovative security testing approaches and their combination with security risk analysis. At the same time, the workshop tries to draw a line to the industrial requirements and the challenges that arise when security testing meets the demands of cost efficiency and scalability. Experts from industry and academia will present and discuss their solutions to the key issues of security risk analysis, vulnerability testing, model-based security testing, and standardization. The contributions are complemented by industry-grade research results from four large European research projects.