RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

Part of book or chapter of book OPEN
Herrmann, Andrea; Morali, A.; Etalle, Sandro; Wieringa, Roelf J.; Niedrite, Laila; Strazdina, Renate; Wangler, Benkt
  • Publisher: Springer Publishers
  • Subject: Elicitation | SCS-Services | IR-78045 | Risk-Based | Requirements | Security | RiskREP | SCS-Cybersecurity | EWI-20462 | METIS-278771 | Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. In this paper, w...
