Threat modeling: a study on its application in digital transformation from the perspective of risk

Abinel Santiago Cerqueira Junior; Carlos Hideo Arima

doi:10.7769/gesec.v14i1.1581

Threat modeling: a study on its application in digital transformation from the perspective of risk

Authors

Abinel Santiago Cerqueira Junior https://orcid.org/0000-0003-2256-941X
Carlos Hideo Arima https://orcid.org/0000-0001-7922-0943

DOI:

https://doi.org/10.7769/gesec.v14i1.1581

Keywords:

Information Security, Threat Modeling, Digital Transformation, Risk Management, Cyber Risk

Abstract

Information security is a topic that has been increasingly discussed nowadays after the beginning of the pandemic and its understanding has been fundamental to protect information in several organizations. The present study aims to identify and analyze the application of threat modeling in digital transformation from the perspective of information security risks. For the development of the research, a systematic review of the literature was conducted with the adoption of a protocol based on PRISMA-P to identify which threat modeling techniques have been applied in digital transformation and which information security risk approaches are used in the application of the threat modeling. The result of this study suggests that threat modeling applied in digital transformation uses customized models by means of unspecified techniques and that qualitative risk approaches have been adopted more frequently in digital transformation.

Downloads

Download data is not yet available.

References

ARIA, M.; CUCCURULLO, C. Bibliometrix: An R-tool for comprehensive science mapping analysis. Journal of informetrics, v. 11, n. 4, p. 959-975, 2017. DOI: https://doi.org/10.1016/j.joi.2017.08.007

BICAN, P.M.; BREM, A. Digital business model, digital transformation, digital entrepreneurship: Is there a sustainable “digital”? Sustainability, v.12, n.13, p.5239, 2020. DOI: https://doi.org/10.3390/su12135239

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION; INTERNATIONAL ELECTROTECHNICAL COMMISSION. ISO/IEC 27001:2022

Information security, cybersecurity and privacy protection - Information security management systems - Requirements. Geneva: ISO/IEC, 2022.

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION; INTERNATIONAL ELECTROTECHNICAL COMMISSION. ISO/IEC 27005:2022

Information security, cybersecurity and privacy protection - Guidance on managing information security risks. Geneva: ISO/IEC, 2022.

ISLAM, S.M.R. et al. The internet of things for health care: a comprehensive survey.

IEEE access, v. 3, p. 678-708, 2015. DOI: https://doi.org/10.1109/ACCESS.2015.2437951

KALTUM, U.; WIDODO, A.; YANUARDI, A.W. Local TV goes to global market through digital transformation. Academy of Strategic Management Journal, v. 15, p. 221-229, 2016.

MANADHATA, P.K.; WING, J.M. A formal model for a system’s attack surface. In:

Moving Target Defense. Springer, New York, NY, 2011. p. 1-28.

MOHER, D. et al. Preferred reporting items for systematic review and meta-analysis

protocols (PRISMA-P) 2015 statement. Systematic reviews, v. 4, n. 1, p. 1-9, 2015.

SCANDARIATO, R.; WUYTS, K.; JOOSEN, W. A descriptive study of Microsoft’s

threat modeling technique. Requirements Engineering, v. 20, n. 2, p. 163-180, 2015.

UCEDAVELEZ, T.; MORANA, M.M. Risk Centric Threat Modeling: process for

attack simulation and threat analysis. John Wiley & Sons, 2015.

YOKOYAMA, R.; ARIMA, C.H. Análise textual e bibliométrica sobre modelagem de

ameaça. Brazilian Journal of Development, v. 8, n. 1, p. 7678-7690, 2022. DOI: https://doi.org/10.34117/bjdv8n1-514

YOKOYAMA, Rodrigo; ARIMA, Carlos Hideo. Modelagem de ameaça, análise de risco e suas aplicações na literatura, International Journal of Development Research, 12, (04), 55049-55055. 2022.

Downloads

Published

2023-01-24

How to Cite

Junior , A. S. C., & Arima, C. H. (2023). Threat modeling: a study on its application in digital transformation from the perspective of risk. Revista De Gestão E Secretariado (Management and Administrative Professional Review), 14(1), 1158–1169. https://doi.org/10.7769/gesec.v14i1.1581

Download Citation

Issue

Vol. 14 No. 1 (2023): Revista de Gestão e Secretariado v.14, n.1, 2023

Section

Artigos

License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors who publish with this journal agree to the following terms:

• 1. The author(s) authorize the publication of the article in the journal.

• 2. The author(s) ensure that the contribution is original and unpublished and is not being evaluated in other journal(s).

• 3. The journal is not responsible for the opinions, ideas and concepts expressed in the texts because they are the sole responsibility of the author(s).

• 4. The publishers reserve the right to make adjustments and textual adaptation to the norms of APA.

• 5. Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

• 6. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

• 7. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access) at http://opcit.eprints.org/oacitation-biblio.html