Application of the Threat Modeling Method In an Operating System-Reference-Cited by-同舟云学术

Application of the Threat Modeling Method In an Operating System

Published:2023-04-19 Issue:4 Volume:14 Page:5102-5122
ISSN:2178-9010
Container-title:Revista de Gestão e Secretariado (Management and Administrative Professional Review)
language:
Short-container-title:R. G. Secr.

Author:

Yokoyama Rodrigo,Arima Carlos Hideo

Abstract

Due to the increase in professionals adopting the home office model due to the COVID-19 pandemic, the threat to company information and assets has become more evident. This work aims to identify, describe and evaluate the impacts of applying the threat modeling method, using risk management standards, on corporate computers with the aid of a monitoring system. The proposed method for application suggests the adoption of processes and a system for updating, controlling and managing the Windows Operating System to reduce the threats faced. The research identified security using the STRIDE and DREAD methods and the ISO and NIST security standards. It verified 14 types of threats found in an operating system that can be properly identified and mitigated with the threat exploitation method.

Publisher

South Florida Publishing LLC

Subject

Materials Science (miscellaneous)

Reference17 articles.

1. Agência Brasil. Home office foi adotado por 46% das empresas durante a pandemia. 2020. available at: https://agenciabrasil.ebc.com.br/economia/noticia/2020-07/home-office-foi-adotado-por-46-das-empresas-durante-pandemia. Access on 05/07/22.

2. Bodeau, D. J., McCollum, C. D., & Fox, D. B. (2018). Cyber threat modeling: Survey, assessment, and representative framework. MITRE CORP MCLEAN VA MCLEAN.

3. Jeyaraj, A., & Zadeh, A. (2020). Institutional isomorphism in organizational cybersecurity: A text analytics approach. Journal of Organizational Computing and Electronic Commerce, 30(4), 361-380. ISO/IEC. ISO/IEC 27001: Information security management systems - Overview and vocabulary, 2013, available at: https://www. abntcatalogo.com.br/ Access on: 01/09/2021

4. ISO/IEC. ISO/IEC 27002: code of practice for information security management, 2013, available at: https://www.abntcatalogo.com.br/ Access on: 01/09/2021

5. ISO/IEC. ISO/IEC 27005: Information security risk management, 2019, available at: https://www.abntcatalogo.com.br/ Access on: 01/09/2021