Compositional Risk Assessment

and Security Testing of Networked Systems

The RASEN tool-supported method for risk-based security testing and compliance assessment

The RASEN method is focused on:

• Risk-based compliance assessment
• Test-based security risk assessment
• Risk-based security testing

Conforming to the ISO/IEC 3100 standard, it integrates risk and compliance assessment together with security testing and is applicable to different levels of abstraction:

• Legal risk and compliance assessment,
• Security risk assessment, and
• Security testing

Entry Points of the RASEN Method

The proposed risk-based security testing methodology is integrated with ISO29119 from end to end, from the security test planning, design and implementation phases down to execution and evaluation of testing results. The RASEN methodology provides both a specification template as well as the required tool support from several research and technical partners (SINTEF, Software AG, Fraunhofer FOKUS and Smartesting) as shown below.

Tool Support for Risk-Based Security Testing

In conclusion, the RASEN method covers the integration of security testing, risk and compliance assessment. The method is specified in a concise and clear manner and is tool-supported. Furthermore, the method is being instantiated across the project use cases within several domains including business software, online banking and eHealth. Last but not least, the RASEN methodology constitutes a work item at ETSI with the project consortium determined.

A presentation of this RASEN innovation is available here:  Tool Supported Method for RBST and Compliance Assessment

Categories: News

The RACOMAT Tool Component-oriented Pattern-driven Security Testing with RACOMAT