The BT Security Research Centre has defined and continues to develop a modelling language and method for representing and analysing ICT security requirements. The language is used to create a model that serves as a medium for communication between consultant and customer, a guide in making decisions, and the basis of a specification for implementing a solution. Three sub-models deal with business and technical requirements of the ICT system; threats, vulnerability and risks; and security measures and processes. The modelling process is iterative, with decisions being driven by optimisation of business value, trading off risk against cost. This paper focuses on aspects of the method dealing with assessment of risk and analysis of requirements for operational risk management.