Web of Proceedings - Francis Academic Press

Application of STRIDE-based Business Process Risk Assessment Method

DOI: 10.25236/iwass.2020.062

Author(s)

Jing Yuan, Weihong Ren

Corresponding Author

Jing Yuan

Abstract

To measure network security risks accurately and comprehensively, the paper proposes a risk assessment method based on business processes. The method builds on the STRIDE threat modeling method and analyzes the business layer by layer, like peeling a cocoon, from a business perspective. Business scenarios are decomposed and a data flow diagram is drawn; the potential threats to every object in the data flow diagram are analyzed, and a corresponding threat list is formed. On this basis, corresponding threat mitigation measures are identified for each type of threat, and the existing security problems are analyzed. The network security risks of the business are then measured according to the importance of the business process, the possibility of threats and the severity of security problems. The method has been applied in the core business system of a large enterprise, where it truly reflects the network security risks of business processes, which verifies its feasibility and effectiveness.

Keywords

Business process, Risk assessment, Threat modeling, Network security, Data flow