Introducing OSSF: A framework for online service cybersecurity risk management

This paper proposes a new framework for online services security risk management which can be used by both service providers and service consumers. The proposed framework was validated through a case study performed in a large enterprise environment. The key components of the proposed framework are Threat model and Risk model. These models are designed to fit specific features of online services and the surrounding cyberspace environment. A risk management process is an integral part of the framework. The process is suitable for frequent and recurrent risk assessments. The process execution results in identification and performance of proper tasks which contribute to treatment of identified security risks and deficiencies. Online services risk score could be continuously documented and reported if the process is executed on a regular basis.