Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Part of book or chapter of book OPEN
Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt
(2012)
  • Publisher: Springer
  • Subject: SCS-Services | RISK ASSESSMENT | Security | Non-Functional Requirements | IT architecture | IR-80250 | SCS-Cybersecurity | METIS-287844 | EWI-21259 | Misuse Cases | Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently compan...
