The RASEN documents
Our dependence on heterogeneous networked service and computing environments means that it is essential for organisations (including their non-technical personnel) to understand what their security properties mean in terms of risks. The RASEN project addresses these challenges in two dimensions. The first dimension addresses is addressed by developing support for systematic composition of security assessment results. The second dimension regards developing support for systematically. combing security risk assessment (on the high level) with security testing (on the low level) where on the one hand, the security risk assessment can be used to derive the security test cases, and on the other, security test results can be used to verify or updating the risk assessment. The overall objective of RASEN is to strengthen European organisations’ ability to conduct security assessments of large scale networked systems through the combination of security risk assessment and security testing, taking into account the context in which the system is used, such as liability, legal and organisational issues as well as technical issues. The main objective will be achieved through the following scientific and technology objectives:
- O1: Enable organisations (including their non-technical experts) to understand what low-level security test results mean in terms of risks and legal obligations by aggregating security test results to the risk assessment level.
- • O2: Enable organisations to guide the security testing by high-level technical as well as non-technical considerations through systematic derivation of security test cases from risk assessment results.
- • O3: Enable organisations to obtain a global view of the security of large scale network systems through compositional assessment.
- • O4: Make it easier for organisations to show that they are compliant with legal norms of relevance to security.
- • O5: Enable continuous and rapid security risk assessment of large scale networked systems. c. Consortium