Research Article

Security Requirement Engineering Issues in Risk Management

by Dhirendra Pandey, Ugrasen Suman, A. K. Ramani
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 17 - Number 5
Year of Publication: 2011
DOI: 10.5120/2218-2827

Dhirendra Pandey, Ugrasen Suman, A. K. Ramani. Security Requirement Engineering Issues in Risk Management. International Journal of Computer Applications. 17, 5 (March 2011), 11-14. DOI=10.5120/2218-2827

@article{ 10.5120/2218-2827,
author = { Dhirendra Pandey, Ugrasen Suman, A. K. Ramani },
title = { Security Requirement Engineering Issues in Risk Management },
journal = { International Journal of Computer Applications },
issue_date = { March 2011 },
volume = { 17 },
number = { 5 },
month = { March },
year = { 2011 },
issn = { 0975-8887 },
pages = { 11-14 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume17/number5/2218-2827/ },
doi = { 10.5120/2218-2827 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Security refers to the protection of software products from unauthorised access, alteration and destruction. Security requirements are therefore presently a major concern for software systems, and it is generally recommended to address security before the software development process begins. Risk management is one of the most important aspects of the security requirement engineering domain, as it allows security needs to be compared with the costs of security measures. In this paper, we discuss the incorporation of security issues into the requirement engineering process. We also propose a method to match requirement engineering approaches with risk assessment approaches. The aim of this paper is to provide some models and methods to identify and include security in the early stages of the software development process.

Index Terms

Computer Science
Information Sciences

Keywords

Information System, Requirement Engineering, Security Requirements