The RASEN tool-supported method for risk-based security testing and compliance assessment
The RASEN method is focused on:
- Risk-based compliance assessment
- Test-based security risk assessment
- Risk-based security testing
Conforming to the ISO/IEC 3100 standard, it integrates risk and compliance assessment together with security testing and is applicable to different levels of abstraction:
- Legal risk and compliance assessment,
- Security risk assessment, and
- Security testing
The proposed risk-based security testing methodology is integrated end to end with ISO29119, from the security test planning, design and implementation phases down to the execution and evaluation of test results. The RASEN methodology provides both a specification template and the required tool support from several research and technical partners (SINTEF, Software AG, Fraunhofer FOKUS and Smartesting), as shown below.
In conclusion, the RASEN method covers the integration of security testing with risk and compliance assessment. The method is specified concisely and clearly and is tool-supported. Furthermore, it is being instantiated across the project use cases in several domains, including business software, online banking and eHealth. Last but not least, the RASEN methodology constitutes a work item at ETSI, with the project consortium determined.
A presentation of this RASEN innovation is available here: Tool Supported Method for RBST and Compliance Assessment
5 Nov 2014 / rasen_adm /