Successful Security Risk Analysis (SRA) enables us to develop a secure information management system and provides valuable analysis data for future risk estimation. One of the qualitative techniques for SRA is the scenario method, which provides a framework for our explorations that raises our awareness and appreciation of uncertainty. However, the existing scenario methods are too abstract to be applicable to some situations and have not been formalized in information systems (ISs), because they do not explicitly define artifacts or have any standard notation. Therefore, this paper proposes an improved scenario-based SRA approach, which can create SRA reports using threat scenario templates and manage security risk directly in ISs. Furthermore, to show how to apply the proposed method in a specific environment, a case study in a Broadband convergence Network (BcN) environment is presented. Copyright © 2011 John Wiley & Sons, Ltd.