It is recognised that security has to be addressed through the whole system development process. However, current practices address security only in late stages, i.e., development or maintenance. Due to the success of UML use cases, misuse cases have been accepted by industry as a means to tackle security. However, misuse cases firstly lack a precise application process and secondly are too general, which results in under-definition or misinterpretation of their concepts. In this paper we examine misuse cases in the light of a reference model for information system security risk management (ISSRM). Using the well-known Meeting Scheduler example, we show how misuse cases can be used to follow a security risk management process. Next, we check the misuse case ontology against the concepts found in current risk management standards. The paper suggests improvements for the conceptual appropriateness of misuse cases for the security risk domain.