D.V. Saveliev
Èlektron. model. 2021, 43(4):113-124
https://doi.org/10.15407/emodel.43.04.113
ABSTRACT
The article defines the concept of threat model. Described a list of current security guidelines for the development and administration of web systems. Formed the list of cybersecurity threats, the consequences of their implementation are determined. Described the process of forming a model of cybersecurity threats of web systems. Defined the list of threats based on the recommendations and experience of authoritative organizations in the world and Ukraine. Defined the concepts of risk, risk index and risk status for the security of web systems. Defined the main principles of risk management in software development projects.
KEYWORDS
cybersecurity, thread, thread model, risk, risk management.
REFERENCES
- Saveliev, D. (2018), “Model of cybersecurity threats of critical information infrastructure in the field of nuclear energy”, Modeliuvannia ta informatsiini tekhnolohii, Vol. 83, pp. 42-48.
- Saveliev, D. (2018), “Web application protection is a complex task from design to operation”, Modeliuvannia ta informatsiini tekhnolohii, Vol. 88, pp. 104-109.
https://doi.org/10.1002/ad.2350 - Anton, K., Manico, J. and Bird, J. (2018), “10 Critical Security Areas That Software Developers Must Be Aware Of”, OWASP Top Ten Proactive Controls Project, available at: https://owasp.org/www-pdf-archive/OWASP_Top_10_Proactive_Controls_V3.pdf (accessed: April 12, 2020).
- CERT-UA recommendations on web resource security, CERT-UA, available at: https:// cert.gov.ua/recommendations/25 (accessed: April 13, 2020).
- Thread Classification Development View, The Web Application Security Consortium, available at: http://projects.webappsec.org/w/page/13246969/ (accessed: April 21, 2020).
- NASA-GB-9719.13: NASA Software Safety Guidebook (2004), NASA Technical Standard, National Aeronautics and Space Administration, Washington D.C., USA.
- Avilov, S. (2014), “Model of project risk arising during software development”, Naulovedenye internet zhurnal, Vol. 5, no 24.
- Saveliev, D. (2019), “Methods for assessing cybersecurity risks of critical information infrastructure”, Modeliuvannia ta informatsiini tekhnolohii, Vol. 89, pp. 136-149.