Computer systems process, store and transfer sensitive information, which makes them a valuable asset. Despite the existence of standards such as ISO 27005 for managing information risk, cyber threats are increasing, exposing such systems to security breaches and, at the same time, compromising users' privacy. Threat modelling has emerged as a complementary way to identify and analyze these threats, reducing the attack landscape by discarding low-risk attack vectors and mitigating high-risk ones. In this work, we introduce a novel threat-modelling-based approach to risk management, using ISO 27005 as a baseline for integrating ISO 27001/27002 security controls with the privacy requirements of the European General Data Protection Regulation (GDPR). In our proposal, risk estimation and mitigation are enhanced by combining STRIDE and attack trees as the threat modelling strategy. The approach is applied to an IoT case study, where different attacks are analyzed to determine their risk levels and potential countermeasures.
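As an added illustration of combining STRIDE and attack trees for risk estimation (example code written for this page, not the paper's own method or tooling), the block below evaluates a small constructed IoT attack tree whose leaves are tagged with STRIDE categories, maps the result to a low/medium/high level, and shows how a countermeasure on the dominant path shifts the residual risk to another branch. The scoring model (likelihood times impact, OR picks the riskiest child, AND multiplies likelihoods) and the thresholds are assumptions, not values from the paper.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed scoring model (not taken from the paper): every attack-tree leaf carries
# a STRIDE category, a likelihood in [0, 1] and an impact in 1..5. OR gates follow
# the child with the highest likelihood*impact; AND gates multiply likelihoods
# (every step must succeed) and keep the highest impact. Thresholds on the
# product map the root to an ISO 27005-style low/medium/high level.

@dataclass
class Node:
    name: str
    gate: str = "LEAF"            # "LEAF", "OR" or "AND"
    stride: str = ""              # S, T, R, I, D or E (leaves only)
    likelihood: float = 0.0       # leaves only
    impact: int = 0               # leaves only
    children: List["Node"] = field(default_factory=list)

def evaluate(node: Node) -> Tuple[float, int, List[str]]:
    """Return (likelihood, impact, dominant path of STRIDE-tagged leaves)."""
    if node.gate == "LEAF":
        return node.likelihood, node.impact, [f"{node.stride}:{node.name}"]
    results = [evaluate(c) for c in node.children]
    if node.gate == "OR":
        return max(results, key=lambda r: r[0] * r[1])
    if node.gate == "AND":
        lik = 1.0
        for l, _, _ in results:
            lik *= l
        return lik, max(r[1] for r in results), [p for r in results for p in r[2]]
    raise ValueError(f"unknown gate {node.gate}")

def risk_level(node: Node) -> Tuple[str, List[str]]:
    lik, imp, path = evaluate(node)
    score = lik * imp
    return ("high" if score >= 3.0 else "medium" if score >= 1.5 else "low"), path

# Constructed IoT example: the attacker's goal is disclosure of sensor telemetry.
sniff = Node("sniff plaintext MQTT traffic", stride="I", likelihood=0.8, impact=4)
spoof = Node("spoof device identity", stride="S", likelihood=0.6, impact=5)
tamper = Node("push tampered firmware", stride="T", likelihood=0.6, impact=5)
root = Node("disclose telemetry", gate="OR", children=[
    sniff, Node("impersonate gateway", gate="AND", children=[spoof, tamper])])

def before_and_after_control() -> Tuple[str, str]:
    """Root level before/after a control (TLS on MQTT) cuts sniffing to an assumed 0.1."""
    before, _ = risk_level(root)
    sniff.likelihood = 0.1
    after, _ = risk_level(root)       # the AND branch is now the residual risk
    sniff.likelihood = 0.8            # restore so the model can be re-evaluated
    return before, after
```

Running `risk_level(root)` shows which STRIDE-tagged leaves form the dominant path, which is where a control should be placed first.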