Risk Analysis Process

The Experts below are selected from a list of 186327 Experts worldwide ranked by ideXlab platform

N.b Zannone - One of the best experts on this subject based on the ideXlab platform.

  • Metrisec@ESEM - Security Risk Management by Qualitative Vulnerability Analysis
    2011 Third International Workshop on Security Measurements and Metrics, 2011
    Co-Authors: Golnaz Elahi, Eric Yu, N.b Zannone
    Abstract:

    Security risk assessment in the requirements phase is challenging because risk factors, such as probability and damage of attacks, are not always numerically measurable or available in the early phases of development. This makes the selection of proper security solutions problematic because mitigating impacts and side-effects of solutions are not often quantifiable. In the early development phases, analysts need to assess risks in the absence of numerical measures or deal with a mixture of quantitative and qualitative data. We propose a risk analysis process which intertwines security requirements engineering with a vulnerability-centric and qualitative risk analysis method. The proposed method is qualitative and vulnerability-centric, in the sense that by identifying and analyzing common vulnerabilities the probability and damage of risks are evaluated qualitatively. We also propose an algorithmic decision analysis method that considers risk factors and alternative security solutions, and helps analysts select the most cost-effective solution. The decision analysis method enables making a decision when some of the available data is qualitative.

Andreas Jacobsson - One of the best experts on this subject based on the ideXlab platform.

  • ARES - A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting
    2015 10th International Conference on Availability Reliability and Security, 2015
    Co-Authors: Dejan Baca, Martin Boldt, Bengt Carlsson, Andreas Jacobsson
    Abstract:

    A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., the baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., more than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., for security, was 1% in the previous development process.

Elisabeth Waigmann - One of the best experts on this subject based on the ideXlab platform.

  • EFSA’s scientific activities and achievements on the risk assessment of genetically modified organisms (GMOs) during its first decade of existence: looking back and ahead
    Transgenic Research, 2014
    Co-Authors: Yann Devos, Jaime Aguilera, Zoltán Diveki, Ana Gomes, Yi Liu, Claudia Paoletti, Patrick Jardin, Lieve Herman, Joe N. Perry, Elisabeth Waigmann
    Abstract:

    Genetically modified organisms (GMOs) and derived food and feed products are subject to a risk analysis and regulatory approval before they can enter the market in the European Union (EU). In this risk analysis process, the role of the European Food Safety Authority (EFSA), which was created in 2002 in response to multiple food crises, is to independently assess and provide scientific advice to risk managers on any possible risks that the use of GMOs may pose to human and animal health and the environment. EFSA’s scientific advice is elaborated by its GMO Panel with the scientific support of several working groups and EFSA’s GMO Unit. This review presents EFSA’s scientific activities and highlights its achievements on the risk assessment of GMOs for the first 10 years of its existence. Since 2002, EFSA has issued 69 scientific opinions on genetically modified (GM) plant market registration applications, of which 62 for import and processing for food and feed uses, six for cultivation and one for the use of pollen (as or in food), and 19 scientific opinions on applications for marketing products made with GM microorganisms. Several guidelines for the risk assessment of GM plants, GM microorganisms and GM animals, as well as on specific issues such as post-market environmental monitoring (PMEM) were elaborated. EFSA also provided scientific advice upon request of the European Commission on safeguard clause and emergency measures invoked by EU Member States, annual PMEM reports, the potential risks of new biotechnology-based plant breeding techniques, evaluations of previously assessed GMOs in the light of new scientific publications, and the use of antibiotic resistance marker genes in GM plants. Future challenges relevant to the risk assessment of GMOs are discussed.
    EFSA’s risk assessments of GMO applications ensure that data are analysed and presented in a way that facilitates scientifically sound decisions that protect human and animal health and the environment.

Golnaz Elahi - One of the best experts on this subject based on the ideXlab platform.

  • Metrisec@ESEM - Security Risk Management by Qualitative Vulnerability Analysis
    2011 Third International Workshop on Security Measurements and Metrics, 2011
    Co-Authors: Golnaz Elahi, Eric Yu, N.b Zannone
    Abstract:

    Security risk assessment in the requirements phase is challenging because risk factors, such as probability and damage of attacks, are not always numerically measurable or available in the early phases of development. This makes the selection of proper security solutions problematic because mitigating impacts and side-effects of solutions are not often quantifiable. In the early development phases, analysts need to assess risks in the absence of numerical measures or deal with a mixture of quantitative and qualitative data. We propose a risk analysis process which intertwines security requirements engineering with a vulnerability-centric and qualitative risk analysis method. The proposed method is qualitative and vulnerability-centric, in the sense that by identifying and analyzing common vulnerabilities the probability and damage of risks are evaluated qualitatively. We also propose an algorithmic decision analysis method that considers risk factors and alternative security solutions, and helps analysts select the most cost-effective solution. The decision analysis method enables making a decision when some of the available data is qualitative.

Andreas Hensel - One of the best experts on this subject based on the ideXlab platform.

  • Expertise for the future: learning and training in the area of food safety risk assessment
    EFSA Journal, 2016
    Co-Authors: A Bosman, Paul Brent, Pier Sandro Cocconcelli, Gráinne Conole, Dominique Gombert, Andreas Hensel, Dimitra Kardassi, Wolfgang Kneifel, Stylianos Koulouris, Amadeu M.v.m. Soares
    Abstract:

    EFSA depends on a system of scientific panels, working groups and the expertise of its staff to perform its role in providing high-quality scientific opinions through food safety risk assessment. The centralisation of the evaluation at the EU level not only intends to increase efficiency, but also may represent a challenge with regard to maintaining and developing expertise in the areas of food, feed, plant, animal and environmental risk assessment. The food risk assessment requires a multidisciplinary and interdisciplinary approach: excellence in relevant fields of science is a prerequisite, although knowledge of the full risk analysis process, the EU food law, consumer behaviour, international relations and skills in risk communication is also needed. To handle future challenges regarding food safety risk assessment in an ever-changing and increasingly complex environment, the appropriate expertise needs to be identified and a model of specialised and continuous training is required. The state of the art and the future of education in risk assessment are presented. The following issues are put forward in this special issue: new technologies implemented in risk assessment training; current developments in higher education and training on food safety risk assessment and regulatory science in the EU and worldwide; challenges in training on general risk assessment, food safety risk assessment and environmental risk assessment; best practices and techniques; future developments in capacity building for risk assessment training; and the increased need for training of professionals.

  • Management recommendations of the Federal Institute for Risk Assessment (BfR) after the international BfR symposium "Towards a Risk Analysis of Antibiotic Resistance".
    International Journal of Medical Microbiology, 2006
    Co-Authors: Reiner Helmuth, Andreas Hensel
    Abstract:

    The results of four expert working groups on the risk analysis process on antimicrobial resistance are described. They focus on the procedures recommended by the FAO/WHO CODEX Alimentarius Commission in 1999 including hazard identification, hazard characterization, exposure assessment and risk characterization. In all four areas, the current scientific knowledge was evaluated and recommendations for risk management options were given. They will form the basis for mitigating the health risk due to resistant microorganisms.

  • Towards the Rational Use of Antibiotics: Results of the First International Symposium on the Risk Analysis of Antibiotic Resistance
    Journal of veterinary medicine. B Infectious diseases and veterinary public health, 2004
    Co-Authors: Reiner Helmuth, Andreas Hensel
    Abstract:

    The results of four expert working groups on the risk analysis process on anti-microbial resistance are described. They focus on the procedure recommended by the FAO/WHO CODEX Alimentarius Commission in 1999 including hazard identification, hazard characterization, exposure assessment and risk characterization. In all four areas, the current scientific knowledge was evaluated and recommendations for risk management options were given. They will form the basis for mitigating the health risk caused by resistant micro-organisms.