A comparison of the common criteria with proposals of information systems security requirements

Proceedings - First International Conference on Availability, Reliability and Security, ARES 2006

Volumn 2006, Issue , 2006, Pages 654-661

  Mellado, Daniel ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a Ministry of Labour and Social Affairs   (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

INFORMATION TECHNOLOGY; PROBLEM SOLVING; STANDARDS; SYSTEMS ANALYSIS;

INFORMATION SYSTEMS (IS); IS DEVELOPMENT; SECURITY REQUIREMENTS;

SECURITY OF DATA;

EID: 33750950652     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2006.2     Document Type: Conference Paper

References (28)

1. Alberts, C.J., et al., OCTAVE Framework, Version 1.0. 1999: Networked Systems Survivability Program, p. 84.
2. Baskeville, R., The development duality of information systems security. Journal of Management Systems, 1992. 4(1): p. 1-12.
3. Boehm, B. and R. Turner, Observations on Balancing Discipline and Agility. 2003: Agile Development Conference (ADC '03). p. 32.
4. Boehm, B. and R. Turner, Balancing Agility and Discipline: Evaluating and Integrating Agile and Plan-Driven Methods. 2004: ICSE'04. p. 718-719.
5. Breu, R., et al., Towards a Systematic Development of Secure Systems. 2004: WOSIS 2004.
6. Breu, R. and F. Innerhofer-Oberperfler, Model based business driven IT security analysis. 2005: SREIS 2005.
7. D'Souza, D.F. and A.C. Wills, Objects, Components & Frameworks with UML: The Catalysis Approach. 1998: Addison-Wesley Publishing Company.
8. Firesmith, D.G., Engineering Security Requirements. Journal of Object Technology, 2003. 2(1): p. 53-68.
9. Firesmith, D.G., Security Use Cases. 2003: Journal of Object Technology, p. 53-64.
10. Firesmith, D.G., Specifying Reusable Security Requirements. 2004: Journal of Object Technology, p. 61-75.
11. Gutiérrez, C., et al., Security Requirements for Web Services based on SIREN. 2005: SREIS-2005.
12. ISO/TEC, Std 15408. Common Criteria for Information Technology Security Evaluation (v.3.0). 2005.
13. Jacobson, I., G. Booch, and J. Rumbaugh, The Unified Software Development Process. 1999: Addison-Wesley Longman Inc.
14. Jennex, M.E., Modeling security requirements for information systems development. 2005: SREIS 2005.
15. Jürjens, J., Secure Systems Development with UML. 2005: Springer. 309.
16. Kim., H.-K., Automatic Translation Form Requirements Model into Use Cases Modeling on UML, C. Youn-Ky, Editor. 2005: ICCSA 2005.
17. Kotonya, G. and I. Sommerville, Requirements Engineering Process and Techniques. 1998.
18. Liu, L., E. Yu, and J. Mylopoulus, Security and Privacy Requirements Analysis within Social Setting. 2003: 11th IEEE International Requirements Engineering Conference.
19. McDermott, J. and C. Fox. Using Abuse Case Models for Security Requirements Analysis, in Annual Computer Security Applications Conference. 1999. Phoenix, Arizona.
20. Mouratidis, H., et al. A Natural Extension of Tropos Methodology for Modelling Security, in Workshop on Agent-oriented methodologies, at OOPSLA 2002. 2003. Seattle, WA, USA.
21. Myagmar, S., A. J. Lee, and W. Yurcik, Threat Modeling as a Basis for Security Requirements. 2005: SREIS 2005.
22. Peeters, J., Agile Security Requirements Engineering. 2005: SREIS 2005.
23. Piattini Velthus, M., A. Olmos Marin, and A. Toval Álvarez, Seguridad de las Tecnologías de la Información "La construcción de la confianza para una sociedad conectada". AENOR ed. 2003. pp 593-618.
24. Popp, G., et al., Security-Critical System Development with Extended Use Cases. 2003: 10th Asia-Pacific Software Engineering Conference, p. 478-487.
25. Siponen, M. and R. Baskerville, A new paradigm for adding security into IS development methods,. 2001: 8th Annual Working Conference on Information Security Management andSmall Systems Security.
26. Toval, A., et al., Requirements Reuse for Improving Information Systems Security: A Practitioner's Approach. 2001: Requirements Engineering Journal, p. 205-219.
27. Walton, J.P., Developing a Enterprise Information Security Policy. 2002, ACM Press: Proceedings of the 30th annual ACM SIGUCCS conference on User services.
28. Yu, E., Towards Modelling and Reasoning Support for Early-Phase Requirements Engineering. 1997: 3rd IEEE International Symposium on Requirements Engineering (RE'97), p. 226-235.