Viewpoints: principles, problems and a practical approach to requirements engineering
Annals of Software Engineering
Building problem domain ontology from security requirements in regulatory documents
Proceedings of the 2006 international workshop on Software engineering for secure systems
Towards a Requirements-Driven Workbench for Supporting Software Certification and Accreditation
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
An integrated risk measurement and optimization model for trustworthy software process management
Information Sciences: an International Journal
Hi-index | 0.00 |
Trustworthiness in services provided by the Critical Infrastructure (CI) is essentially dependent on the quality of underlying software, systems, practice and environment, as which the software information infrastructures are becoming increasingly a major component of business, industry, government and defense. The level of trustworthiness required from services that are operational in such critical software information infrastructures is often established based on standardized infrastructure-wide evaluation criteria - Certification and Accreditation (C&A) - through the identification of operational risks and the determination of conformance with established security standards and best practices. In order to effectively establish such levels of trustworthiness for services in the CI, we identify the need for a structured and comprehensive C&A framework with appropriate tool support that combines its theoretical and practical aspects. In this paper, we present our efforts in developing such a framework that leverages novel techniques from software requirements engineering and knowledge engineering to support the automation of the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP), which is a standard for certifying and accrediting the information networks that support the Defense Information Infrastructure (DII). Through the examples derived from our case study, we further motivate the applicability and appropriateness of our framework.