Yohann Petiot’s scientific contributions

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (4)


Fig. 2. Motivation -Business Process Cooperation Viewpoint. This diagram describes relationships with the targeted business processes and the Actors that perform the processes.
Fig. 3. KEFE model -Scenarios Hierarchisation
Fig. 4. KEFE model example
Fig. 5. Proposed Framework
Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach
  • Chapter
  • Full-text available

February 2023

·

82 Reads

·

3 Citations

Lecture Notes in Computer Science

·

Martin Boyer

·

Jérôme Letailleur

·

[...]

·

Cyber security assessment aims at determining the cybersecurity state of an assessed asset to check how effectively the asset fulfills specific security objectives. We are confronted with a lack of an integrated framework coupling a top-down approach such as a risk-based analysis of information systems, with a bottom-up approach such as MITRE Attack to map and understand the details of the actions taken by the attackers to evaluate a defensive coverage throughout the development life cycle. We depict in this ongoing work the description of a Security Impact Analysis Framework (SAIF) to support cyber analysts, cyber administrators, and developers in their daily tasks of security impact analysis and provide project stakeholders with sufficient security proof and defense gaps. The goal is to avoid the use of a myriad of “tool islands” to automate the security impact assessment process providing sufficient safety evidence throughout the development cycle of a project. A case study of the development of an autonomous shuttle service is used to illustrate some selected assets from the MITRE Attack approach as practical usage of this framework. KeywordsSecurity impact analysisMITRE attackRisk-based analysisCybersecurityInformation systems

Download



Citations (2)


... However, the described methodology does not account explicitly for cyber threat intelligence information and accounts only for vulnerabilities and threat correlation. In [46], a framework is proposed to utilize the MITRE ATT&CK knowledge base in the risk assessment to provide sufficient evidence during the development lifecycle. The framework describes workflows to create strategic, operational, and technical scenarios based on the EBIOS methodology, with explicit consideration for cyber threat intelligence and its continuous information feeds. ...

Reference:

An Integrated Approach to Cyber Risk Management with Cyber Threat Intelligence Framework to Secure Critical Infrastructure
Towards a Security Impact Analysis Framework: A Risk-Based and MITRE Attack Approach

Lecture Notes in Computer Science

... The usage of ELK stack in monitoring and data processing is a possibility very welcomed for, however, we are modifying a few parts [21]. In addition to finding that Opensearch could be a more suitable solution and why other organizations would opt for it [22], the authors of these articles [23] do a great job pointing out why a Grafana Loki [24] and Prometheus [25], [26] setup could also be a very solid choice now. Visualizing returned data properly is always a crucial point and will make for better, more human readable results. ...

An Assessment Platform of Cybersecurity Attacks against the MQTT Protocol using SIEM
  • Citing Conference Paper
  • September 2022