The PIVO process for identifying vulnerabilities impact for organisation risks: An automated solution
Abstract
Risk management (RM) and vulnerability management (VM) are both essential cyber security domains. They are often managed independently, without a proper interface to share information and provide context to each other. This paper proposes an approach to connect RM and VM processes based on data standardisation through referentials and automation to relate vulnerabilities to operational risk scenarios. The focus is mainly on the identification of the referentials and their added value to complement a method described in a previous paper.
The full article is available to subscribers to the journal.
Author's Biography
Jean-Luc Simoni holds a PhD in computer science from the University of Paris 7 and has over 20 years’ experience in the field of IT and cyber security. During his career, he has gathered extensive knowledge and a comprehensive vision of numerous areas of IT, from development to operations. In 2017, he joined Thales as a Senior Cyber Security Consultant, working notably on the accreditation of a space system. In 2020, he started his mission in a European space programme as a cyber security expert, managing a team of cyber security engineers.
Alexis Ulliac CISSP is an experienced cyber security engineer of 13 years. He holds a French engineering degree and an MSc in computer and information security from the University of Plymouth, UK. He started in the defence industry as a cyber security specialist and auditor, rapidly advancing to become a cyber security architect in charge of building systems accreditation dossiers for the French Navy as well as foreign navies. In 2017, he joined Thales as a Security Risk Manager consultant for a European space programme. He is currently manager of a team of cyber security engineers and contributes to the community through trainings and publications.
Thomas Massip holds a Master’s degree in network and telecommunication from Paul Sabatier University, Toulouse, France. He began his career in Ireland as a network security analyst for a network security company. In 2020, he joined Thales as a Cyber Security Engineer consultant for a European space programme, where he performs risk assessment in view of system accreditation and supports audit and penetration test campaigns.
Thomas Devaux joined Thales in 2019 as Team Leader of cyber security consulting engineers to compile accreditation dossiers and to lead audits and penetration test campaigns. Coming from military training in electronics engineering specialising in radio communication, Thomas began his career in 1991 in the French Army as an expert on automated control and data acquisition and automated systems of data mining for an aeronautical system. In 2004, he moved into the security of information systems. He naturally evolved towards cyber security and assumed various responsibilities up to those of French CISO of the Interim Combined Joint Expeditionary Force.