Requirements engineering, a vital component in successful project development, often gives insufficient attention to security concerns. Further, industry lacks a useful model for incorporating security requirements into project development. Studies show that upfront attention to security saves the economy billions of dollars. Industry is thus in need of a model to examine security and quality requirements in the development stages of the production lifecycle.

In this paper, we examine a methodology for both eliciting and prioritizing security requirements on a development project within an organization. We present a model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, and then examine two case studies where the model was applied to a client system. The NSS Program continues to develop this useful model, which has proven effective in helping an organization understand its security posture.