This paper reviews the state of the art in cyber security risk assessment of Supervisory
Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four …

Cyber attacks are increasing in number and sophistication, causing organisations to
continuously adapt management strategies for cyber security risks. As a key risk mitigation …

Context: The adoption or acceptance of new technologies or ways of working in software
development activities is a recurrent topic in the software engineering literature. The topic …

Context and motivation: Cyber-Physical Systems (CPSs) are gaining priority over other
systems. The heterogeneity of these systems increases the importance of security. Both the …

Digital security professionals use threat modeling to assess and improve the security
posture of an organization or product. However, no threat-modeling techniques have been …

The assessment of new vulnerabilities is an activity that accounts for information from
several data sources and produces a'severity'score for the vulnerability. The Common …

In an initial attempt to systematize the research field of architectural threat analysis, this
paper presents a comparative study of two threat analysis techniques. In particular, the …

In the past decade, speed has become an essential trait of software development (eg, agile,
continuous integration, DevOps) and any inefficiency is considered unaffordable time …

Cyber-physical systems (CPS) are complex evolution of classical software systems. These
systems integrate the physical layer with software systems, generating the ability for software …

Abstract [Context and motivation] To remedy the lack of security expertise, industrial security
risk assessment methods come with catalogues of threats and security controls.[Question …