Security Requirement Engineering Issues in Risk Management
نویسندگان
چکیده
Security refers the protection of software products from unauthorised access, alteration and destruction. Therefore, security requirement is a presently a major concern of software system and it is generally recommended to take care of security prior to software development process. Risk management is one of the most important aspects of security requirement engineering domain, which allows comparing security needs and costs of security measures. In this paper, we have discussed the incorporation of security issues in requirement engineering process. We have also proposed a method to match requirement engineering approaches with risk assessments approaches. The aim of this paper is to provide some models and methods to identify and include security in the early stage of software development process. Keyword Information System, Requirement Engineering, Security Requirements.
منابع مشابه
Security Requirements Engineering: Analysis and Prioritization
with the increase in the use of software system, security requirement engineering becomes an emergent area of study. Security requirements are constraints to a system which must be satisfied for consistent system. Most of the software engineering processes deals with security constraints during the design or implementation phases which may result into unnecessary constrained system. So the need...
متن کاملCombining Privacy and Security Risk Assessment in Security Quality Requirements Engineering
Security risk assessment identifies the threats to systems, while privacy risk assessment identifies data sensitivities in systems. The Security Quality Requirements Engineering (SQUARE) method is used to identify software security issues in the early stages of the development lifecycle. We propose combining the existing security risk assessment techniques in SQAURE with the Privacy Impact Asse...
متن کاملStructural Concepts for Trust, Contract and Security Management for a Virtual Chemical Engineering Organisation
The paper reports on ongoing research into the development of a management system to co-ordinate a set of activities of a virtual organisation for the production of chemicals. The paper reports on the authors’ experience in considering a real virtual organisation and raises issues of co-ordinating atomic activities that span across organisational boundaries and deals with systems that possess a...
متن کاملMapping of McGraw Cycle to RUP Methodology for Secure Software Developing
Designing a secure software is one of the major phases in developing a robust software. The McGraw life cycle, as one of the well-known software security development approaches, implements different touch points as a collection of software security practices. Each touch point includes explicit instructions for applying security in terms of design, coding, measurement, and maintenance of softwar...
متن کاملChapter 1 STRATEGIES FOR DEVELOPING POLICIES AND REQUIREMENTS FOR SECURE ELECTRONIC COMMERCE SYSTEMS
While the Internet is dramatically changing the way business is conducted, security and privacy issues are of deeper concern than ever before. A primary fault in evolutionary electronic commerce systems is the failure to adequately address security and privacy issues; therefore, security and privacy policies are either developed as an afterthought to the system or not at all. One reason for thi...
متن کامل