Compositional Risk Assessment and Security Testing of Networked Systems

Seventh Framework Programme

Events

Upcoming Events


ASQF Quality Day at Fraunhofer FOKUS

Details: This event will include a talk about systematically combining security risk assessment and testing based on standards. More details about the event are available here.

Date & Location: December 9th, 2015, at Fraunhofer FOKUS (Berlin, Germany)


Public seminar on cyber-risk management

Details: SINTEF organizes a series of public seminars where research results and new technologies are presented and discussed. The seminars are held in Norwegian and attract people from industry, the public sector and academia. The topic of this seminar is cyber-risk management, and it will include presentations from Bjørnar Solhaug and Ketil Stølen, as well as invited speakers. This particular seminar will also serve as a launch of the recently published book Cyber-Risk Management (Springer, 2015).

Date & Location: January 22, 2016, Oslo, Norway


Past Events

Legal Risk Management Conference in Skopje, Macedonia

Time and Place: October 21-22, 2014

Assoc. Prof. Tobias Mahler will be speaking at the Legal Risk Management Conference in Skopje, Macedonia, October 21-22, 2014. The talk will address visualisation based on tool support, which is one of the many areas where lawyers can learn from the advances made in information security risk management.


Enterprise Security Event in Linz, Austria

Time and Place: October 28, 2014
Albert Zenkoff is going to give a presentation at the “IT-Sicherheit am Donaustrand” in Linz on October 28 about enterprise security in the midst of cyber-threats, risks and regulations.


2nd International Workshop on Risk Assessment and Risk-driven Testing (RISK 2014)

Time and Place: November (exact date to be announced), Naples, Italy
Organizer: Fraunhofer FOKUS
The workshop will be part of ISSRE 2014 and will bring together industry and science by providing a platform for discussion, interaction and collaboration. Industrial papers should either describe challenges of system or software testing that could trigger future research activities or present comparable results of applying techniques for risk analysis or risk-based testing. Our project will participate with five papers. Our contributions are detailed on our webpage at http://www.rasenproject.eu/2nd-risk-workshop-at-issre-2014/


Workshop with Fraunhofer SIT and Security Experts on RASEN

Time and Place: Fall 2014 (To be announced), Darmstadt, Germany
Organizer: Albert Zenkoff (Software AG)
Further details will be available at a later date.


 

Risk-based security testing for security-critical systems (Industry Workshop)

Time and Place: December 2014 (To be announced)
Organizer: Dr. Bruno Legeard (Smartesting)
Further details will be available at a later date.


German IT Security Congress in Bonn, Germany

Time and Place: May 19-21, 2015
Our colleague Dr. Frank Werner (Software AG) will give a presentation about security risk assessment of large-scale networked systems, the target of our research in RASEN.


6th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2014)

Time and Place: October 2014, Corfu, Greece
Presentations: Prioritization of risk for testing (Dr. Fredrik Seehusen, SINTEF), Risk-based security testing (J. Großmann, J. Viehmann, M. Schneider, Fraunhofer FOKUS), Risk-based security testing from test patterns (Julien Botella, Bruno Legeard and Fabien Peureux, Smartesting)


User Conference on Advanced Automated Testing (UCAAT 2014)

Time and Place: September 16-18 2014, Munich, Germany
Presentations: From Test Legacy to Model-Based Testing – How to refactor an existing test repository into an MBT model? (Bruno Legeard & Arnaud Bouzy), Model-Based Security Testing with Test Patterns (Julien Botella, Jürgen Grossmann, Bruno Legeard, Fabien Peureux, Martin Schneider & Fredrik Seehusen), Compositional risk analysis combined with automated security testing – the RACOMAT tool (Johannes Viehmann), and How to derive high level test procedures from a risk model (Fredrik Seehusen)


Risk and Testing Combined

Time and Place: June 18th, 2014, SINTEF, Oslo, Norway
Organizer: Dr. Ketil Stølen (SINTEF)


CAST Workshop “Developing secure software – experiences, methods and tools”

Time and Place: 15th May 2014, Darmstadt, Germany
Organizer: Albert Zenkoff (Software AG) & Fraunhofer SIT


RISK2013 – 1st International Workshop on Risk Assessment and Risk-driven Testing

November 12, 2013 – Istanbul, Turkey

The continuous rise of software complexity with increased functionality and accessibility of software and electronic components leads to an ever-growing demand for techniques to ensure software quality, dependability and security. The risks that software systems do not meet their intended level of quality can have severe impact on vendors, customers and even – when it comes to critical systems and infrastructures – our daily life. The precise understanding of risks, as well as the focused treatment of risks, has become one of the cornerstones for critical decisions within complex social and technical environments. Even nowadays software testing is based on risk-driven decisions.

However, classical test approaches address risks implicitly rather than systematically. Systems, functions, or modules that are known to be critical are tested more intensively than others. The basis of this kind of test planning is often a very simple and unstructured risk assessment, which is usually performed during or in preparation for the test process. However, we know that humans are great at planning technical environments and processes, but often fail when it comes to the intuitive estimation of related risk.

This workshop addresses systematic approaches that combine risk assessment and testing. We are interested in innovative techniques, tools and methods from industry or research that cover systematic risk assessment, whether to obtain risk-optimized test configurations and specifications, to underpin risk analyses by means of experimental data from test results, or to enable domain-specific solutions that address specific kinds of risk (e.g. safety risks, security risks, business risks, legal risks).

RISK2013 Homepage

SASSI13 – Security Assessment for Systems, Services and Infrastructures

September 19 and 20, 2013 at the Technical University (TU) in Berlin

Security failures and data breaches are impacting not only enterprises but also critical infrastructures and public services. In Germany alone, successful attacks on IT systems cause damage of 4.8 million euros a year. At the same time, we are experiencing how the current IT landscape is changing rapidly. Just a few years ago, the Internet was dedicated to interconnecting stationary end-user devices. Nowadays, the tendency towards an Internet of Things makes the situation more complex. Mobile devices, home automation, smart grids and even vehicles are connected via the Internet and are becoming theoretically accessible and thus vulnerable to hacker attacks. However, we are more than ever dependent on a secure and mature ICT infrastructure.

One of the keys to getting and maintaining such a secure and dependable infrastructure is a mature, systematic and capable security risk analysis and testing program. This workshop will provide a forum to discuss innovative security testing approaches and their combination with security risk analysis. At the same time, the workshop tries to draw a line to the industrial requirements and the challenges that arise when security testing meets the demands of cost efficiency and scalability. Experts from industry and academia will present and discuss their solutions to the key issues of security risk analysis, vulnerability testing, model-based security testing, and standardization. The contributions are complemented by industry-grade research results from four large European research projects.

SASSI13 Homepage

 

Copyright © 2013 RASEN