Understanding and analysing security risks is an essential task when designing and maintaining a system's security. The first risk analysis should be performed during system design. Identified risks have to be updated during the lifecycle when security controls are implemented or new threats appear. Visualization facilitates the risk analysis process, but visualizing a large number of risks with diverse causalities is challenging. This paper concentrates on risk visualization and related challenges. The paper presents a semantic model for risk visualization and structuring, implemented in the Metric Visualization System (MVS). The proposed model and tool support make risk visualization consistent and ensure that it includes the mutual connections of risks. The contribution helps designers to analyse risks and to select security controls in a justified manner.
Outi-Marja Latvala, Jyri Toivonen, Antti Evesti (VTT), Markus Sihvonen, Vesa Jordan (MPY): Security Risk Visualization with Semantic Risk Model