In this paper, the author aims to present a threat and risk-driven methodology for security requirements engineering. The chosen approach has a strong focus on gathering, modeling, and analyzing the environment in which the secure ICT system to be built is located. The knowledge about the environment comprises threat and risk models. As presented in the paper, this security-relevant knowledge is used to assess the adequacy of security mechanisms, which are then selected to establish security requirements.