# CRSTIP - An Assessment Scheme for Security Assessment Processes

**Authors:** Arthur-Jozsef Molnar, J\"urgen Gro{\ss}mann

arXiv: 1702.08006 · 2017-02-28

## TL;DR

CRSTIP is a comprehensive evaluation scheme designed to assess and improve the maturity of security assessment processes in complex networked systems, emphasizing formalism, integration, and tool support.

## Contribution

This paper introduces CRSTIP, a novel scheme for systematically evaluating security assessment processes' maturity in networked infrastructures.

## Key findings

- CRSTIP effectively assesses security process maturity.
- Application to a RASEN case study demonstrates scheme's practicality.
- Highlights importance of formalism and tool support in security assessments.

## Abstract

Complex networked systems are an integral part of today's support infrastructures. Due to their importance, these systems become more and more the target for cyber-attacks, suffering a notable number of security incidents. Also, they are subject to regulation by national and international legislation. An operator of such an infrastructure or system is responsible for ensuring its security and correct functioning in order to satisfy customers. In addition, the entire process of risk and quality control needs to be efficient and manageable. This short paper introduces the Compliance, Risk Assessment and Security Testing Improvement Profiling (CRSTIP) scheme. CRSTIP is an evaluation scheme that enables assessing the maturity of security assessment processes, taking into consideration systematic use of formalisms, integration and tool-support in the areas of compliance assessment, security risk assessment and security testing. The paper describes the elements of the scheme and their application to one of the case studies of the RASEN research project.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1702.08006/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1702.08006/full.md

## References

6 references — full list in the complete paper: https://tomesphere.com/paper/1702.08006/full.md

---
Source: https://tomesphere.com/paper/1702.08006