A GDPR-compliant Risk Management Approach based on Threat Modelling and ISO 27005. (arXiv:2306.04783v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Computer systems process, store and transfer sensitive information which
makes them a valuable asset. Despite the existence of standards such as ISO
27005 for managing information risk, cyber threats are increasing, exposing
such systems to security breaches, and at the same time, compromising users'
privacy. However, threat modelling has also emerged as an alternative to
identify and analyze them, reducing the attack landscape by discarding low-risk
attack vectors, and mitigating high-risk ones. In this work, we introduce a
novel threat-modelling-based …