Threat modeling: a study on its application in digital transformation from the perspective of risk
Keywords: Information Security, Threat Modeling, Digital Transformation, Risk Management, Cyber Risk
Information security has been increasingly discussed since the beginning of the pandemic, and understanding it has been fundamental to protecting information in several organizations. The present study aims to identify and analyze the application of threat modeling in digital transformation from the perspective of information security risks. For the development of the research, a systematic review of the literature was conducted, adopting a protocol based on PRISMA-P, to identify which threat modeling techniques have been applied in digital transformation and which information security risk approaches are used in the application of threat modeling. The results of this study suggest that threat modeling applied in digital transformation uses customized models by means of unspecified techniques, and that qualitative risk approaches have been adopted more frequently in digital transformation.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.