Threat scenario-based security risk analysis using use case modeling in information systems

Young Gab Kim, Sungdeok Cha

Research output: Contribution to journalArticlepeer-review

16 Citations (Scopus)


Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method. This provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs) because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes the improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, in order to show how to apply the proposed method in a specific environment, especially in a Broadband convergence Network (BcN) environment, a case study is presented.

Original languageEnglish
Pages (from-to)293-300
Number of pages8
JournalSecurity and Communication Networks
Issue number3
Publication statusPublished - 2012 Mar


  • Broadband convergence Network (BcN)
  • Qualitative risk analysis
  • Scenario method
  • Security risk analysis
  • Use case modeling

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Threat scenario-based security risk analysis using use case modeling in information systems'. Together they form a unique fingerprint.

Cite this