Biblio

The heart of research pumps for analyzing risks in today's competitive business environment where big, massive computations are performed on interconnected devices pervasively. Advanced computing environments i.e. Cloud, big data and Internet of things are taken under consideration for finding and analyzing business risks developed from evolutionary, interoperable and digital devices communications with massive volume of data generated. Various risks in advanced computational environment have been identified in this research and are provided with risks mitigation strategies. We have also focused on how risk management affects these environments and how that effect can be mitigated for software and business quality improvement.

In enterprise environments, the amount of managed assets and vulnerabilities that can be exploited is staggering. Hackers' lateral movements between such assets generate a complex big data graph, that contains potential hacking paths. In this vision paper, we enumerate risk-reduction security requirements in large scale environments, then present the Agile Security methodology and technologies for detection, modeling, and constant prioritization of security requirements, agile style. Agile Security models different types of security requirements into the context of an attack graph, containing business process targets and critical assets identification, configuration items, and possible impacts of cyber-attacks. By simulating and analyzing virtual adversary attack paths toward cardinal assets, Agile Security examines the business impact on business processes and prioritizes surgical requirements. Thus, handling these requirements backlog that are constantly evaluated as an outcome of employing Agile Security, gradually increases system hardening, reduces business risks and informs the IT service desk or Security Operation Center what remediation action to perform next. Once remediated, Agile Security constantly recomputes residual risk, assessing risk increase by threat intelligence or infrastructure changes versus defender's remediation actions in order to drive overall attack surface reduction.