Abstract image of a woman sitting on books and studying on a laptop

Software data privacy threat analysis metric using no trust privacy risk metric

Valdez Ladd MBA, CISSP, CISA,, profile picture
Valdez Ladd MBA, CISSP, CISA,

This document introduces the Linddun Privacy Risk Indicator (LPRI), a new metric for assessing data privacy security during software testing, which integrates privacy-specific threat analysis into the software development process. It emphasizes the necessity of quantifying both data privacy and security to support the creation of privacy requirements from business documents, thereby allowing software testers to enhance security policies related to privacy in various applications, including Zero Trust Networks and access control systems. The method outlined aims to improve the traceability and effectiveness of privacy testing in software systems by utilizing established frameworks such as Linddun and Microsoft's Security Development Lifecycle.

Technology
Related topics:
Software Testing Insights Data Privacy
1 of 12
Downloaded 18 times
1
2
3
4
5
6
7
8
9
10
11
12
 Software Data Privacy Threat Analysis Metric using the LINDUNN Extension: LPRI         Author: Valdez Ladd  Abstract:   Today data privacy at the software testing level is too often treated as a non­ functional requirement. Software security is tested, but seldom with data privacy­specific  testing. This paper's goal has been to present a new method for developing a data privacy  security metric during software testing that incorporate privacy­specific threat analysis. This new metric is based on a quantified version of the LINDDUN Privacy framework based  on Deng, Wyuts, All doctoral research. [Deng 2010] The functional specifications of a  software application can now include data privacy requirements from the Business  requirements document (BRD). The software testing team when creating their test suites  can setup test cases for privacy­specific requirements and assign a metric. This allows the  software quality analyst to add use the Security Requirements Traceability Matrix (STRM)  to include and track the progress of data privacy within the test cases for the software  application.  It is hoped that this method will enhance software security to enables better  privacy­specific security policy controls. Both security and privacy should be tested. This  new software privacy­specific metric based on LINDDUN is called the LINDDUN Privacy  Risk Indicator (LPRI).  One use case would be adding the LPRI as a new property for privacy­specific security  policy controls in Attribute Based Access Control (ABAC) such as Zero Trust Networks  implementations using micro­segmentation of virtual machine deployments. OAuth and  OpenID which use bearer tokens with no inherent security besides optional MAC integrity  depend on trust would benefit if privacy­specific mechanisms could be invoked.  Do note that the LINDDUN privacy threat analysis framework is a non­trivial tool itself and  requires new training for the software quality analyst. This is outside the scope of this  research paper.    LINDDUN (Link­ability, Identifiability, Non­repudiation, Detectability, information  Disclosure, content Unawareness, and policy­and­consent Non­compliance) [Deng 2014]
Evolution of a new privacy­specific threat metric: LPRI Corporations today are forging greater number of links to external organizations and third  party providers. This is seen with the increasing numbers of business connections outside  the enterprise by customers, employees, and business partners. Increased business  relationships of various forms including relationships in a "coopetition"a situation where a  competitor in one field is also a business partner in another.[Dubrawsky 2007] This has led many corporations to complex and sometimes overlapping span of control of corporate data that have eroded traditional borders.  This is illustrated in image 1 Image 1   Overlapping Trust Boundaries  [whatiscloud.com, 2015]   Privacy  and Trust Boundaries  Before the Internet and Cloud permeated  the corporation perimeter privacy was built upon trust within the secure confines within the technology, people and processes of the  business unit.   This is reflected in Conway’s law, (Melvin Conway) who observed that  “organizations which design systems … are constrained to produce designs which are  copies of the communication structures of these organizations.” [Sussna 2015] This  made the idea of a Privacy Impact Analysis of software easier as it pointed to the concept of confidentiality being constrained by the trust boundaries of the corporation’s application  security.    The infamous” De­perimeterization” has arrived in full today under the umbrella of Cloud  Computing and its many supporting technologies that are rapidly converging. Both cyber­ security and cyber­privacy are seeing the same effects of de­perimeterization that the  Jericho Forum  described to “describe the erosion of the traditional ‘secure’ perimeters, or ‘network boundaries’, as mediators of trust and security.” ( Privacy and Security can  not be equal when they are extended beyond the borders (trust boundaries) of the  corporation. [Dubrawsky 2007]
Therefore external business partners need more application aware information (metadata)  to determine trust. In contrast to the previous image showing overlapping trust boundaries  the traditional boundary appears archaic as the number of external linkages are too limited  for context awareness of application authentication. Privacy  A short definition First natural privacy is defined by law has traditionally been described as  the right and ability of a person to define and live his or her life in a self­determined  manner. Notice the village or city where the person lived by their cultural norms and laws  defined the boundaries of the rights of privacy.[Dennedy 2014] Data Privacy  Today in a high­technology society any computer data that is captured and recorded about  the person by observation, or self created when creating an E­mail or Bank account. This  computerized collection of personally identifiable information or data and the application  privacy management is called substantive privacy legally, bit for this paper is named data  privacy. [Dennedy 2014] Extending Privacy Threat Analysis frameworks There are many security metrics and analysis for applications. While a few cover data  privacy there are none with any metrics to assist in assessing the software that are  produced during a      (STRM) analysis of an application’s software  requirements. Now we will use the LINDDUN Privacy framework and the Microsoft Security Development  Lifecycle's security and threat properties to create our new privacy metric. You will see  these charts used later in this article for calculating the metric scales for these two  frameworks used by Dr Deng and associates in their research.[Deng 2014]   Adam Shostack in his book, “Threat Modeling: Designing for Security”, has chapter six  covering several privacy tools such as Solove's Taxonomy of Privacy, Nymity Slider, and  LINDDUN.[Shostack 2014] The most promising of his “privacy tools” listed was LINDDUN.  It appeared to be the framework with a more comprehensive risk analysis of data privacy  threats as it offers a more application­specific data privacy threat framework analysis.    LINDDUN is modeled after Microsoft Corporation’s incident threat analysis tool the  Microsoft Security Development Lifecycle's security and threat properties as per Dr. Mina  Deng. “LINDDUN is a systematic methodology to model privacy­specific threats that is  analogous to Microsoft Security Development Lifecycle”. [Deng 2010]     LINDDUN is an acronym which stands for Link­ability, Identifiability, Non Repudiation,  Detectability, Information Disclosure, Non­Content Unawareness, Non­Consent/policy  Noncompliance. [Deng 2014] It uses an analysis based on a data flow diagram (DFD) . It is  important to note that the DFD itself is considered to be a  “labeled property graph”. [Robinson 2015]
The image below illustrates the data flow diagram (DFD) concept that is the foundation for  LINDDUN privacy threat analysis which originated with the Microsoft Software  Development Lifecycle (SDL).  Image 2   ­ Data Flow Diagram [Deng, 2010]   Deng, Wuyts, et. All; defines the data flow diagram (DFD) in image 3, with the following  elements:  entities, data stores, data flows, and processes for threat modeling. Notice that  the trust boundaries are used to indicate the border between the trustworthy and  untrustworthy elements” [Deng, 2014] LINDUNN is based on the Microsoft Security Development Lifecycle (SDL) Security  Property | Security Threat properties shown below from Dr. Deng research paper. Deng,  2010]   
Image 4, [Deng, 2010, pg. 3] We will use the Microsoft Security Development Lifecycle (SDL) elements listed above as  the starting point as the LINDDUN methodology does. Next we use the assumption that  data privacy is constrained by Confidentiality. The question for this research was how to  achieve a correlation between confidentiality threats and privacy­specific threats for  software security requirements testing purposes? The answer came with the following requirements:  First both security and privacy need to be quantified for analysis.  Second a composite metric had to be produced that exhibited the properties of the  confidentiality – privacy relationship  Third the data flow diagram (DFD) should allow modeling of the confidentiality – privacy  relationship numerically also. The key idea here is that to extract the value of confidentiality from the Microsoft Security  Development Lifecycle (SDL) Security Property | Security Threat elements in correlation  with the LINDDUN Privacy Threat elements. [Deng 2014] This correlation is the data  privacy security­constraint relationship that is not revealed in software functional  testing today. To accomplish this you must quantify confidentiality. This allows us to solve for  Confidentiality divided by Integrity­and­availability (C/IA) instead of CIA which yields only a security metric.  The working model is based a numeric scale for all seven LINDDUN  privacy­specific elements that are tied to  Microsoft's SDL Security Property | Security  Threat elements.  We make the following assumptions for the Confidentiality, Integrity, and availability   to quantify their security properties.  Integrity  is true (1) or false (0 /null)    Availability  is true (1) or false (0 /null)  Confidentiality   ­ privacy (encryption) is true (1) or false (0 /null)  ­ access control       is true (1) or false (0 /null) These numeric scales allows us to solve for confidentiality within the software quality  analysis and testing. The functional specifications of software application testing can now  include privacy requirements from the Business requirements document (BRD). LINDDUN Privacy Risk Indicator  (LPRI) – A Composite Analysis Metric:  The highest value of the Microsoft Security Development Lifecycle's Confidentiality property is also the highest possible value any of the the individual LINDDUN properties that is used  to calculate the LPRI metric. This is the security constraint that links the Confidentiality  property in Microsoft Security Development Lifecycle to the LINDDUN privacy properties. It is a metric that creates a composite image of the application’s data security and privacy  threat violations. It allows the analysis of  the Data Flow Diagram (DFD) used for numeric  analysis of data privacy. (Deng, 2010, p.2)  Our article declares the DFD as a labeled 
property graph with distinct properties. These properties are listed in detail in the  appendix.  Traceability Matrix for Security Requirements (SRTM) for Security­and­Privacy  The Traceability Matrix for Security Requirements (SRTM) it is a part of the Functional  Specifications document (FSD) based on the interpretation of the Business requirements  document (BRD) as regulated by law and business demands. The purpose of any  Requirements Traceability Matrix for Security Risk  is to ensure that all requirements  defined for a system are tested in the test protocols. For each test scenario that you came  up with, you are going to have at least 1 or more test cases for the software application. It should include the security requirements, and the privacy requirements at the software's  functional specifications such as banking records processing. Also it allows the software  quality tester to extrapolate the results for defects and errors during testing and  verification. Though these tests may include static, dynamic and fuzzy both manual and  automated for the software test cases. An example is listed below for illustration.   Image 5 ­ Traceability Matrix for software:   Business Requirements | Test Scenarios | Test Case ID    Security and Privacy Metrics Measurement  Scales The sample problem here has a higher privacy weight  of two (2) unlike the other Microsoft Security Development Lifecycle security properties. This is done because the main target of  evaluation is privacy. As we showed earlier confidentiality has two security properties while integrity and availability have one each.
 Security and Privacy Metrics  Calculation Methods     1) Create a scale with the Microsoft Security Development Lifecycle properties. Microsoft Security Development Lifecycle  All security – threat pairs have a range 0­1,  except Confidentiality 0­2 Sum up all six properties sum of all seven properties over range 0­7 Convert product to a decimal value.   2) Create a scale using the LINDDUN properties LINDDUN properties ­ range 0­2 sum of all seven properties over range, i.e., 5/7  Convert product to a decimal value. Multiple the Microsoft Security Development Lifecycle metrics decimal value  times the  LINDDUN metrics decimal value This creates the LINDDUN Privacy Indicator (LPRI). It is a composite metric that solves for confidentiality as a privacy threat indicator. Microsoft Security Development Lifecycle  Scale Security Property | Security Threat   LINDDUN Scale   Privacy Threat Metrics      Authentication     | Spoofing           0­1 Integrity          | Tampering           0­1 Non­repudiation  | Repudiation             0­1  Confidentiality   | Information              0­2  Disclosure   Availability         | Denial of Service        0­1 Authorization     | Elevation of Privilege 0­1 ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ Microsoft Security Development Lifecycle  Index range  0­7,  Ratio  X / 7 Examples:   perfect security 7/7 = 1.0,    Non perfect  security   5/7 = 0.7142        Link­ability (0 ­2) Identifiability (0 ­2) Non­Repudiation (0 ­2) Detectability (0 ­2) Information Disclosure                 (0 ­2) Content Unawareness                   (0­2) Non­Consent/                               (0 ­2) policy Noncompliance ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ LINDDUN Index range  0­14,    Ratio  X / 14 Example:   perfect privacy 14/14 = 1.0,    Non perfect privacy  9/14 = 0.6428   Table 1  ­ MS SDL & LINDDUN Scales Concise example: Confidentiality (SDL Index x LINDDUN Index) = LPRI  (LINDDUN Privacy Risk Indicator) C(0.7142  x   0.6428) = LPRI  0.4590  LPRI =  0.4590 [ Privacy Metric ] 
This ends the arithmetic example of the methodology used to calculate the LPRI. Use Cases for a data privacy security metric for software  The LINDDUN Privacy Risk Indicator (LPRI) metric has at least two new use cases. 1. Zero Trust Network (micro segmentation) and Software Defined Perimeter can add the LPRI privacy metric to their security policy for virtual machine firewall controls. 2. Role­based access control (RBAC), and Attribute­based access control (ABAC) can add  privacy context as part of their security policy Conclusion Our paper has explored how to combine two existing security and privacy frameworks to  create a new privacy metric (LPRI). It allow us to generate a richer, more complex access  control policy by adding privacy measurements during software testing. The functional  specifications of a software application can now include privacy requirements from the  Business requirements document (BRD). The software testing team when creating their test suites can setup test cases for privacy­specific requirements and assign a metric.  This allows the software quality analyst to add use the Security Requirements Traceability  Matrix (STRM) to include and track the progress of data privacy within the test cases for  the software application.  It is hoped that this method will enhance software security to  enables better privacy­specific security policy controls. Both security and privacy should be  tested. This new software privacy­specific metric based on LINDDUN is called the LINDDUN Privacy Risk Indicator (LPRI). The LINDDUN Privacy Risk Indicator LPRI) metric that we created allows software  functionality testing results to be used for more complex security­policy authentication  mechanisms. One use case would be adding the LPRI as a new property for privacy­specific  security policy controls in Attribute Based Access Control (ABAC) such as Zero Trust  Networks implementations using micro­segmentation of virtual machine deployments.  This paper's goal has been to present a new method for developing a data privacy security  metric during software testing that incorporate privacy­specific threat analysis.
Appendix Proof   DFD’s labeled property graph assumptions for the Composite Metric of LINDDUN  Privacy (LPRI)  Metric based on the Microsoft Security Development Lifecycle and  LINDDUN framework scales. Microsoft Security Development  Lifecycle scale Security Property |  Security Threat   LINDDUN Scale   Privacy Threat Metrics      Authentication     | Spoofing     0­1 Integrity          | Tampering     0­1 Non­repudiation  | Repudiation     0­1  Confidentiality     | Information        0­2  Disclosure  Availability          | Denial of Service 0­1 Authorization      |                             0­1 Elevation of Privilege      ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ ­­ Microsoft Security Development  Lifecycle Index range  0­7,  Ratio  X / 7 Examples:   perfect security 7/7 = 1.0,    Non perfect  security   5/7 = 0.7142      Link­ability (0 ­2) Identifiability (0 ­2) Non Repudiation (0 ­2) Repudiation (0 ­2) Detectability (0 ­2) Information Disclosure (0 ­2) Non­Content Unawareness / (0 ­2) Non­Consent/policy Noncompliance ­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­­ ­­ LINDDUN Index range  0­14,    Ratio  X / 14 Example:   perfect privacy 14/14 = 1.0,    Non perfect privacy  9/14 = 0.6428 Table 1  ­ MS SDL & LINDDUN Scales   The highest value of the Microsoft Security Development Lifecycle Confidentiality property  is also the highest possible value any of the the individual LINDDUN properties that is used  to calculate the LPRI metric.  This represents the security constraint that links the Confidentiality property in  Microsoft Security Development Lifecycle to the LINDDUN privacy properties.  That relationship is expressed in the concept of C/IA ( Confidentiality divided by Integrity  times Availability) to solve for privacy.  Confidentiality (SDCL Index x LINDDUN Index) = LPRI C(0.7142  x   0.6428) = LPRI  0.4590 [ Privacy Metric ] LPRI =  0.4590 [ Privacy Metric ] Composite Analysis Metric:    LINDDUN Privacy Risk Indicator  (LPRI).
  It should be noted that this paper treats the DFD (Data Flow Diagram) as a labeled  property graph with the following characteristics: • It contains nodes and relationships. • Nodes contain properties (key­value pairs). key­value  pair:  Key­Privacy­Indicator  LPRI  key­value  pair:  security  threat key­value  pair:  privacy  threat • Nodes can be labeled with one or more labels label:  LPRI label: start node label: end node   • Relationships are named and directed, and always have a start and end node. key­value  pair:  LPRI Duration key­value  pair: SQUISHI Duration  (emergent property over time) *SQUISHI  (symmetrically constrained, quantified unit of intrusion, security  threat,  holistic index)  Security Metrics Measurement Scales They are based on the hypothesis of C divided by IA instead of CIA   (Confidentiality, Integrity, Availability) This allows the Security property to weight Confidentiality higher which permits us to solve for it as a privacy metric. Confidentiality (SDCL Index x LINDDUN Index) = LPRI  (LINDDUN Privacy Risk Indicator) C(0.7142  x   0.6428) = LPRI  0.4590 [ Privacy Metric ] LPRI =  0.4590 [ Privacy Metric ] LINDDUN Privacy Risk Indicator  (LPRI) Metric: Privacy Chaining Data Flow Diagram chaining of new Nodes privacy metrics within an extended labeled  graph.   N1 – N2 (base)         Nx  ______________  x ________= Z LPRI r(oot)                 LPRIΔ r(0.7142) x N3(0.5714) = Z (0.4080) Legend: N1 ­ N2  = base nodes of Data Flow Diagram Nx   =  graph new node numbers, i.e., 3, 4, 5, 6… r = root , the labeled graph root  (base) value for LPRI metric 
 LPRI = change in number of nodesΔ Z = sum of all nodes privacy metrics,  1 is ideal privacy   ● If Z =! 1 then privacy risk increases as the numbers of nodes increases within  the Data Flow Diagram (DFD) End of Appendix ________________________________________________________________________________  List of Illustrations Image 1 Overlapping Trust Boundaries. Retrieved June 11, 2015, Whatiscloud.com, http://whatiscloud.com/static/images/chapter3/03fig09.png Image 2, The Data Flow Diagram (DFD) of the Social Network 2.0 application Deng, M., Wuyts, K., Scandariato, R., Preneel, B., & Joosen, W. (2010). Requirements  Engineering, 16(1), pg 2. doi:10.1007/S00766­01000115­7,  Image 3 Traceability Matrix How to Create Requirements Traceability Matrix – Exact Process with Sample TM Template (Software Testing Help RSS)  http://www.softwaretestinghelp.com/requirements­traceability­matrix/ References Cutillo, L. A., Molva, R., & Onen, M. (2011). Analysis of Privacy in Online Social Networks  from the Graph Theory Perspective. Global Telecommunications Conference (GLOBECOM  2011), 2011 IEEE, 1 ­ 5. doi:10.1109/GLOCOM.2011.6133517 Data Breach Investigations Report | Verizon Enterprise Solutions. (n.d.). Retrieved from  http://www.verizonenterprise.com/DBIR/ Deng, M., Wuyts, K., Scandariato, R., Preneel, B., & Joosen, W. (2010). Requirements  Engineering, 16(1), pg 3­32. doi:10.1007/S00766­01000115­7,     Deng, M., Wuyts, K., Scandariato, R., Preneel, B., & Joosen, W.  (2014)"LINDDUN Privacy  Threat Modeling." LINDDUN Privacy Threat Modeling. DistriNet Research Group, 2014.  Web. 09 July https://distrinet.cs.kuleuven.be/software/linddun/contributors.php .  Dennedy, M. F., Fox, J., & Finneran, T. R. (2014). Chapter 2: Foundational Concepts and  Frameworks. In The privacy engineer's manifesto: Getting from policy to code to QA to  value (pp. 25­28). New York, NY: Apress Open.
Dubrawsky, I. (2007, September 12). The De­perimeterization of Networks. Retrieved from  https://technet.microsoft.com/en­us/library/cc512604.aspx  N.A. /. "Zero Trust Approach To Network Segmentation." Palo Alto Networks. N.p., n.d.  Web. 10 July 2015. <https://www.paloaltonetworks.com/solutions/initiative/network­ segmentation.html>.  Gartner, Inc. (2015). Cloud Services Brokerage (CSB) ­ Gartner IT Glossary. Retrieved from http://www.gartner.com/it­glossary/cloud­services­brokerage­csb N.A. "Security Development Lifecycle." Web log post. Security Development Lifecycle.  Microsoft, 2015. Web. 15 July 2015.      https://www.microsoft.com/en­ us/SDL/process/training.aspx Robinson, I. (2015). The Labeled Property Graph Model. In Graph databases: New  opportunities for connected data (p. 4). S.l.: O'Reilly Media. Shostack, A. (2014). Chapter 6: Privacy Tools. In Threat Modeling: Designing for Security  (pp. 109­121). NY: John Wiley & Sons, Inc.,.  Sussna, J., & Urquhart, J. (2015). Chapter 3: IT as Conversational Medium. In Designing  delivery: Rethinking IT in the digital service economy (p. 53). Sebastopol, CA: O'reilly  Media.

More Related Content

PDF
Software Quality Analysis Using Mutation Testing Scheme
Editor IJMTER
 
PDF
J034057065
ijceronline
 
PDF
A Survey of Software Reliability factor
IOSR Journals
 
PDF
O0181397100
IOSR Journals
 
PDF
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Happiest Minds Technologies
 
PDF
Avc beh 201207_en
Anatoliy Tkachev
 
PDF
Volume 2-issue-6-1983-1986
Editor IJARCET
 
PDF
A Review on Software Mining: Current Trends and Methodologies
IJERA Editor
 
Software Quality Analysis Using Mutation Testing Scheme
Editor IJMTER
 
J034057065
ijceronline
 
A Survey of Software Reliability factor
IOSR Journals
 
O0181397100
IOSR Journals
 
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Happiest Minds Technologies
 
Avc beh 201207_en
Anatoliy Tkachev
 
Volume 2-issue-6-1983-1986
Editor IJARCET
 
A Review on Software Mining: Current Trends and Methodologies
IJERA Editor
 

What's hot (15)

PDF
Developing software analyzers tool using software reliability growth model
IAEME Publication
 
PDF
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
tsysglobalsolutions
 
PDF
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
ijseajournal
 
PDF
Conducting Security Metrics for Object-Oriented Class Design
IJCSIS Research Publications
 
PDF
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
ijseajournal
 
PDF
Information hiding based on optimization technique for Encrypted Images
IRJET Journal
 
PDF
UpGuard - Complete Guide to Vendor Questionnaires
Mike Baukes
 
PDF
Analysis of Malware Infected Systems & Classification with Gradient-boosted T...
Darshan Gorasiya
 
PDF
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
iosrjce
 
PDF
Using Fuzzy Clustering and Software Metrics to Predict Faults in large Indust...
IOSR Journals
 
PDF
An in depth study of mobile application testing in reference to real time sce...
Amit Aggarwal
 
PDF
05 extended report
rehema nzumira
 
PPTX
Chapter 1 - The Technical Test Analyst Tasks in Risk Based Testing
Neeraj Kumar Singh
 
PDF
Dynamic Taint Analysis Tools: A Review
CSCJournals
 
PDF
@#$@#$@#$"""@#$@#$"""
nikhilawareness
 
Developing software analyzers tool using software reliability growth model
IAEME Publication
 
IEEE ANDROID APPLICATION 2016 TITLE AND ABSTRACT
tsysglobalsolutions
 
SECURING SOFTWARE DEVELOPMENT STAGES USING ASPECT-ORIENTATION CONCEPTS
ijseajournal
 
Conducting Security Metrics for Object-Oriented Class Design
IJCSIS Research Publications
 
A REVIEW OF SECURITY INTEGRATION TECHNIQUE IN AGILE SOFTWARE DEVELOPMENT
ijseajournal
 
Information hiding based on optimization technique for Encrypted Images
IRJET Journal
 
UpGuard - Complete Guide to Vendor Questionnaires
Mike Baukes
 
Analysis of Malware Infected Systems & Classification with Gradient-boosted T...
Darshan Gorasiya
 
A Review on Software Fault Detection and Prevention Mechanism in Software Dev...
iosrjce
 
Using Fuzzy Clustering and Software Metrics to Predict Faults in large Indust...
IOSR Journals
 
An in depth study of mobile application testing in reference to real time sce...
Amit Aggarwal
 
05 extended report
rehema nzumira
 
Chapter 1 - The Technical Test Analyst Tasks in Risk Based Testing
Neeraj Kumar Singh
 
Dynamic Taint Analysis Tools: A Review
CSCJournals
 
@#$@#$@#$"""@#$@#$"""
nikhilawareness
 
Ad

Similar to Software data privacy threat analysis metric using no trust privacy risk metric (20)

PDF
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
PDF
Procuring an Application Security Testing Partner
HCLSoftware
 
PDF
Ensuring Compliance with Industry Standards Through Application Security Test...
Anju21552
 
PPTX
Software Testing ppt
Pratibha Singh
 
PDF
A Combined Approach of Software Metrics and Software Fault Analysis to Estima...
IOSR Journals
 
PDF
Software testing.pdf
SwagatGogoi3
 
PDF
1811 1815
Editor IJARCET
 
PDF
1811 1815
Editor IJARCET
 
PDF
Exploring the Efficiency of the Program using OOAD Metrics
IRJET Journal
 
PDF
Software reusabilitydevelopment through NFL approach For identifying security...
IJECEIAES
 
PPT
Research/thesis poster
PavanPardeshi1
 
PPTX
Predict Android ransomware using categorical classifiaction.pptx
laharisai03
 
PPTX
Veracode - Inglês
DeServ - Tecnologia e Servços
 
PDF
Parameter Estimation of GOEL-OKUMOTO Model by Comparing ACO with MLE Method
IRJET Journal
 
PDF
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
IJCSEA Journal
 
PDF
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ijcsa
 
PDF
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ijcsa
 
PDF
ByteCode pentest report example
Ihor Uzhvenko
 
PDF
Security Testing
Pratham Software (PSI)
 
PDF
Software reliability engineering
Mark Turner CRP
 
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
Procuring an Application Security Testing Partner
HCLSoftware
 
Ensuring Compliance with Industry Standards Through Application Security Test...
Anju21552
 
Software Testing ppt
Pratibha Singh
 
A Combined Approach of Software Metrics and Software Fault Analysis to Estima...
IOSR Journals
 
Software testing.pdf
SwagatGogoi3
 
1811 1815
Editor IJARCET
 
1811 1815
Editor IJARCET
 
Exploring the Efficiency of the Program using OOAD Metrics
IRJET Journal
 
Software reusabilitydevelopment through NFL approach For identifying security...
IJECEIAES
 
Research/thesis poster
PavanPardeshi1
 
Predict Android ransomware using categorical classifiaction.pptx
laharisai03
 
Veracode - Inglês
DeServ - Tecnologia e Servços
 
Parameter Estimation of GOEL-OKUMOTO Model by Comparing ACO with MLE Method
IRJET Journal
 
PROPOSING SECURITY REQUIREMENT PRIORITIZATION FRAMEWORK
IJCSEA Journal
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ijcsa
 
ANALYSIS OF SOFTWARE QUALITY USING SOFTWARE METRICS
ijcsa
 
ByteCode pentest report example
Ihor Uzhvenko
 
Security Testing
Pratham Software (PSI)
 
Software reliability engineering
Mark Turner CRP
 
Ad

More from Valdez Ladd MBA, CISSP, CISA, (7)

PDF
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
Valdez Ladd MBA, CISSP, CISA,
 
PDF
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
PDF
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
Valdez Ladd MBA, CISSP, CISA,
 
PDF
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
Valdez Ladd MBA, CISSP, CISA,
 
PDF
Risk Management of Medical Devices Connected To IT Networks
Valdez Ladd MBA, CISSP, CISA,
 
PPT
Cloud Security Alliance's GRC Stack Overview
Valdez Ladd MBA, CISSP, CISA,
 
PPT
HIPAA HITECH E-Prescribing / E-Prescription
Valdez Ladd MBA, CISSP, CISA,
 
The FDA - Mobile, and Fixed Medical Devices Cybersecurity Guidance
Valdez Ladd MBA, CISSP, CISA,
 
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
The FDA and BYOD, Mobile and Fixed Medical Device Cybersecurity
Valdez Ladd MBA, CISSP, CISA,
 
FedRAMP - Federal Agencies & Cloud Service Providers meet FISMA 2.0
Valdez Ladd MBA, CISSP, CISA,
 
Risk Management of Medical Devices Connected To IT Networks
Valdez Ladd MBA, CISSP, CISA,
 
Cloud Security Alliance's GRC Stack Overview
Valdez Ladd MBA, CISSP, CISA,
 
HIPAA HITECH E-Prescribing / E-Prescription
Valdez Ladd MBA, CISSP, CISA,
 

Recently uploaded (20)

PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
August Patch Tuesday
Ivanti
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Modernising the Digital Integration Hub
Daniel Toomey
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
Five Habits of High-Impact Board Members
OnBoard
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 

Software data privacy threat analysis metric using no trust privacy risk metric