A comparative study of proposals for establishing security requirements for the development of secure information systems

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3982 LNCS, Issue , 2006, Pages 1044-1053

  Mellado, Daniel ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a Ministry of Labour and Social Affairs Management Organism of Information Technologies of the Social Security Quality Auditing and Security Institute ^*  (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION RETRIEVAL SYSTEMS; PROBLEM SOLVING; REQUIREMENTS ENGINEERING; SOFTWARE ENGINEERING;

INFORMATION SYSTEMS; SECURITY PROBLEMS; SECURITY REQUIREMENTS;

SECURITY OF DATA;

EID: 33745912495     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/11751595_109     Document Type: Conference Paper

References (26)

1. Alberts, C.J., Behrens, S.G., Pethia, R.D., and Wilson, W.R., OCTAVE Framework, Version 1.0.1999: Networked Systems Survivability Program, p. 84.
2. Baskeville, R., The development duality of information systems security. Journal of Management Systems, 1992. 4(1): p. 1-12.
3. Boehm, B. and Turner, R., Observations on Balancing Discipline and Agility. 2003: Agile Development Conference (ADC '03). p. 32.
4. Boehm, B. and Turner, R., Balancing Agility and Discipline: Evaluating and Integrating Agile and Plan-Driven Methods. 2004: ICSE'04. p. 718-719.
5. Breu, R., Burger, K., Hafner, M., and Popp, G., Towards a Systematic Development of Secure Systems. 2004: WOSIS 2004.
6. Breu, R. and Innerhofer-Oberperfler, F., Model based business driven IT security analysis. 2005: SREIS 2005.
7. D'Souza, D.F. and Wills, A.C., Objects, Components & Frameworks with UML: The Catalysis Approach. 1998: Addison-Wesley Publishing Company.
8. Firesmith, D.G., Engineering Security Requirements. Journal of Object Technology, 2003. 2(1): p. 53-68.
9. Firesmith, D.G., Security Use Cases. 2003: Journal of Object Technology, p. 53-64.
10. Firesmith, D.G., Specifying Reusable Security Requirements. 2004: Journal of Object Technology, p. 61-75.
11. Gutiérrez, C., Moros, B., Toval, A., Fernández-Medina, E., and Piattini, M., Security Requirements for Web Services based on SIREN. Symposium on Requirements Engineering for Information Security (SREIS-2005), together with the 13th IEEE International Requirements Engineering Conference - RE'05, 2005.
12. Jacobson, I., Booch, G., and Rumbaugh, J., The Unified Software Development Process. 1999: Addison-Wesley Longman Inc.
13. Jennex, M.E., Modeling security requirements for information systems development. 2005: SREIS 2005.
14. Jürjens, J., Secure Systems Development with UML. 2005: Springer. 309.
15. Kim., H.-K., Automatic Translation Form Requirements Model into Use Cases Modeling on UML, C. Youn-Ky, Editor. 2005: ICCSA 2005.
16. Kotonya, G. and Sommerville, I., Requirements Engineering Process and Techniques. 1998.
17. Liu, L., Yu, E., and Mylopoulus, J., Security and Privacy Requirements Analysis within Social Setting. 2003: 11th IEEE International Requirements Engineering Conference.
18. McDermott, J. and Fox, C. Using Abuse Case Models for Security Requirements Analysis. in Annual Computer Security Applications Conference. 1999. Phoenix, Arizona.
19. Mouratidis, H., Giorgini, P., Manson, G., and Philp, I. A Natural Extension of Tropos Methodology for Modelling Security, in Workshop on Agent-oriented methodologies, at OOPSLA 2002. 2003. Seattle, WA, USA.
20. Myagmar, S., J. Lee, A., and Yurcik, W., Threat Modeling as a Basis for Security Requirements. 2005: SREIS 2005.
21. Peeters, J., Agile Security Requirements Engineering. 2005: SREIS 2005.
22. Popp, G., Jürjens, J., Wimmel, G., and Breu, R., Security-Critical System Development with Extended Use Cases. 2003: 10th Asia-Pacific Software Engineering Conference, p. 478-487.
23. Siponen, M. and Baskerville, R., A new paradigm for adding security into IS development methods. 2001: 8th Annual Working Conference on Information Security Management andSmall Systems Security.
24. Toval, A., Nicolas, J., Moros, B., and García, F., Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach. 2001: Requirements Engineering Journal, p. 205-219.
25. Walton, J.P., Developing a Enterprise Information Security Policy. 2002, ACM Press: Proceedings of the 30th annual ACM SIGUCCS conference on User services.
26. Yu, E., Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering. 1997: 3rd IEEE International Symposium on Requirements Engineering (RE'97). p. 226-235.