The best way to conference proceedings by Francis Academic Press

Web of Proceedings - Francis Academic Press
Web of Proceedings - Francis Academic Press

Application of STRIDE-based Business Process Risk Assessment Method

Download as PDF

DOI: 10.25236/iwass.2020.062


Jing Yuan, Weihong Ren

Corresponding Author

Jing Yuan


In order to accurately and comprehensively measure network security risks, the paper proposes a risk assessment method based on business processes. The method is based on STRIDE threat modeling method, and adopts a cocoon-peeling layer-by-layer analysis method from a business perspective. By decomposing business scenes, a data flow diagram is drawn, potential threats of all objects in the data flow diagram are analyzed, and a corresponding threat list is formed. On this basis, corresponding threat mitigation measures are found for each type of threat, and the existing security problems are analyzed. According to the importance of the business process, the possibility of threats and the severity of security problems, the network security risks of the business are measured. This method has been applied in the core business system of a large enterprise, which can truly reflect the network security risks of business processes and verify its feasibility and effectiveness


Business process, Risk assessment, Threat modeling, Network security, data flow