Need for support during threat, risk and vulnerability analysis of IT systems in the Swedish Armed Forces
Publish date: 2012-07-12
Report number: FOI-R--3452--SE
Pages: 18
Written in: Swedish
Keywords:
- Threat analysis
- risk analysis
- vulnerability analysis
- needs analysis
- information system
- accreditation
Abstract
The goal of the project Improved threat, risk and vulnerability analysis is to identify how these analyzes can be rationalized as part of an effort to speed up the process for accreditation of IT systems. The first step is to identify which areas are in need of improvement. This is done through a needs analysis where the different stakeholder's needs are compiled and analyzed. In 2011, a needs analysis was conducted. The analysis focused on method and tool support for threat, risk and vulnerability analysis undertaken in the development of the security objectives of the Armed Forces' IT systems. This report presents a revision of the earlier analysis. The revision resulted in 32 needs divided into five categories. The identified needs will be used as a basis for further work on designing and implementing demonstrators and conceptual tools.