Threat modeling: a study on its application in digital transformation from the perspective of risk

Authors

DOI:

https://doi.org/10.7769/gesec.v14i1.1581

Keywords:

Information Security, Threat Modeling, Digital Transformation, Risk Management, Cyber Risk

Abstract

Information security has been increasingly discussed since the beginning of the pandemic, and understanding it has been fundamental to protecting information in several organizations. The present study aims to identify and analyze the application of threat modeling in digital transformation from the perspective of information security risks. For the research, a systematic review of the literature was conducted, adopting a protocol based on PRISMA-P, to identify which threat modeling techniques have been applied in digital transformation and which information security risk approaches are used when applying threat modeling. The results of this study suggest that threat modeling applied in digital transformation uses customized models by means of unspecified techniques, and that qualitative risk approaches have been adopted more frequently in digital transformation.


References

ARIA, M.; CUCCURULLO, C. Bibliometrix: An R-tool for comprehensive science mapping analysis. Journal of informetrics, v. 11, n. 4, p. 959-975, 2017. DOI: https://doi.org/10.1016/j.joi.2017.08.007

BICAN, P.M.; BREM, A. Digital business model, digital transformation, digital entrepreneurship: Is there a sustainable “digital”? Sustainability, v.12, n.13, p.5239, 2020. DOI: https://doi.org/10.3390/su12135239

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION; INTERNATIONAL ELECTROTECHNICAL COMMISSION. ISO/IEC 27001:2022: Information security, cybersecurity and privacy protection - Information security management systems - Requirements. Geneva: ISO/IEC, 2022.

INTERNATIONAL ORGANIZATION FOR STANDARDIZATION; INTERNATIONAL ELECTROTECHNICAL COMMISSION. ISO/IEC 27005:2022: Information security, cybersecurity and privacy protection - Guidance on managing information security risks. Geneva: ISO/IEC, 2022.

ISLAM, S.M.R. et al. The internet of things for health care: a comprehensive survey. IEEE access, v. 3, p. 678-708, 2015. DOI: https://doi.org/10.1109/ACCESS.2015.2437951

KALTUM, U.; WIDODO, A.; YANUARDI, A.W. Local TV goes to global market through digital transformation. Academy of Strategic Management Journal, v. 15, p. 221-229, 2016.

MANADHATA, P.K.; WING, J.M. A formal model for a system’s attack surface. In: Moving Target Defense. Springer, New York, NY, 2011. p. 1-28.

MOHER, D. et al. Preferred reporting items for systematic review and meta-analysis protocols (PRISMA-P) 2015 statement. Systematic reviews, v. 4, n. 1, p. 1-9, 2015.

SCANDARIATO, R.; WUYTS, K.; JOOSEN, W. A descriptive study of Microsoft’s threat modeling technique. Requirements Engineering, v. 20, n. 2, p. 163-180, 2015.

UCEDAVELEZ, T.; MORANA, M.M. Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons, 2015.

YOKOYAMA, R.; ARIMA, C.H. Análise textual e bibliométrica sobre modelagem de ameaça. Brazilian Journal of Development, v. 8, n. 1, p. 7678-7690, 2022. DOI: https://doi.org/10.34117/bjdv8n1-514

YOKOYAMA, Rodrigo; ARIMA, Carlos Hideo. Modelagem de ameaça, análise de risco e suas aplicações na literatura, International Journal of Development Research, 12, (04), 55049-55055. 2022.

Published

2023-01-24

How to Cite

Junior, A. S. C., & Arima, C. H. (2023). Threat modeling: a study on its application in digital transformation from the perspective of risk. Revista De Gestão E Secretariado (Management and Administrative Professional Review), 14(1), 1158–1169. https://doi.org/10.7769/gesec.v14i1.1581