Adapting secure tropos for security risk management in the early phases of information systems development

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5074 LNCS, Issue , 2008, Pages 541-555

  Matulevičius, Raimundas ^a   Mayer, Nicolas ^a,b   Mouratidis, Haralambos ^c   Dubois, Eric ^b   Heymans, Patrick ^a   Genon, Nicolas ^a  

^a UNIVERSITY OF NAMUR   (Belgium)

^b LUXEMBOURG INSTITUTE OF SCIENCE AND TECHNOLOGY   (Luxembourg)

^c UNIVERSITY OF EAST LONDON   (United Kingdom)

Author keywords

Information system; Risk management; Secure Tropos; Security

Indexed keywords

ADMINISTRATIVE DATA PROCESSING; FINANCE; FINANCIAL DATA PROCESSING; HEALTH; INDUSTRIAL ENGINEERING; INFORMATION SCIENCE; INFORMATION SYSTEMS; INSURANCE; LINGUISTICS; MANAGEMENT; MANAGEMENT INFORMATION SYSTEMS; MODAL ANALYSIS; QUERY LANGUAGES; RISK ANALYSIS; RISK ASSESSMENT; RISK MANAGEMENT; RISKS; STANDARDS; SYSTEMS ENGINEERING; TERMINOLOGY;

ADVANCED INFORMATION SYSTEMS (CO); AGENT-BASED; CRUCIAL DESIGN; HEIDELBERG (CO); INFORMATION SYSTEMS (IS); INFORMATION SYSTEMS DEVELOPMENT (ISD); INTERNATIONAL CONFERENCES; IS SECURITY; LANGUAGES (TRADITIONAL); MANAGEMENT STANDARDS; REFERENCE MODELS; SECURITY RISKS; SPRINGER (CO);

INFORMATION MANAGEMENT;

EID: 45849134150     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-69534-9_40     Document Type: Conference Paper

References (29)

1. Basel Committee on Banking Supervision: International Convergence of Capital Measurement and Capital Standards. Bank for International Settlements (2004)
2. United States Senate and House of Representatives in Congress: Sarbanes-Oxley Act of 2002. Public Law 107-204 (116 Statute 745) (2002)
3. Mayer, N., Heymans, P., Matulevičius, R.: Design of a Modelling Language for Information System Security Risk Management. In: Proceedings of the 1st International Conference on Research Challenges in Information Science (RCIS 2007), pp. 121-131 (2007)
4. Mouratidis, H., Giorgini, P.: Secure Tropos: A Security-oriented Extension of the Tropos Methodology. International Journal of Software Engineering and Knowledge Engineering (IJSEKE) 17(2), 285-309 (2007)
5. DCSSL: EBIOS-Expression of Needs and Identification of Security Objectives (2004)
6. ENISA: Inventory of Risk Assessment and Risk Management Methods (2004)
7. ISO: Information Technology-Security Techniques-Information Security Management Systems-Requirements, International Organisation for Standardisation (2005)
8. Mouratidis, H., Giorgini, P., Manson, G.: Using Tropos Methodology to an Model Integrated Health Assessment System. In: Proceedings of the Fourth International Bi-Conference on Agent-oriented Information Systems (AOIS 2002) (2002)
9. Matulevičius, R., Mayer, N., Heymans, P.: Alignment of Misuse Cases with Security Risk Management. In: Proceedings of the ARES 2008 Symposium on Requirements Engineering for Information Security (SREIS 2008), pp. 1397-1404. IEEE Computer Society, Los Alamitos (2008)
10. Asnar, Y., Giorgini, P.: Modelling Risk and Identifying Cuntermeasure in Organizations. In: Proceedings of the 1st Interational Workshop on Critical Information Intrastructures Security, pp. 55-66. Springer, Heidelberg (2006)
11. Lin, L., Nuseibeh, B., Ince, D., Jackson, M.: Using Abuse Frames to Bound the Scope of Security Problems. In: Proceedings of the 12th IEEE international Conference on Requirements Engineering (RE 2004), pp. 354-355. IEEE Computer Society, Los Alamitos (2004)
12. McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC 1999), p. 55 (1999)
13. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering Journal 10(1), 34-44 (2005)
14. Sindre, G.: Mal-activity Diagrams for Capturing Attacks on Business Processes. In: Sawyer, P., Paech, B., Heymans, P. (eds.) REFSQ 2007. LNCS, vol. 4542, pp. 355-366. Springer, Heidelberg (2007)
15. Lodderstedt, T., Basin, D.A., Doser, J.: SecureUML: A UML-based Modeling Language for Model-driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426-441. Springer, Heidelberg (2002)
16. Jurjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412-425. Springer, Heidelberg (2002)
17. Elahi, G., Yu, E.: A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 87-101. Springer, Heidelberg (2007)
18. van Lamsweerde, A.: Elaborating Security Requirements by Construction of Intentional Anti-models. In: Proceedings of the 26th International Conference on Software Engineering (ICSE 2004), pp. 148-157. IEEE Computer Society, Los Alamitos (2004)
19. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling Security Requirements Through Ownership, Permision and Delegation. In: Proceedings of the 13th IEEE International Conference on Requirements Engineering (RE 2005). IEEE Computer Society, Los Alamitos (2005)
20. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modelling social and individual trust in requirements engineering methodologies. In: Proceedings of the 3nd International Conference on Trust Management. LNCS, pp. 161-176. Springer, Heidelberg (2005)
21. Mouratidis, H., Jurjens, J., Fox, J.: Towards a Comprehensive Framework for Secure Systems Development. In: Dubois, E., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 48-62. Springer, Heidelberg (2006)
22. Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., Perini, A.: TROPOS: an Agent-oriented Software Development Methodology. Journal of Autonomous Agents and Multi-Agent Systems 8, 203-236 (2004)
23. Castro, J., Kolp, M., Mylopoulos, J.: Towards Requirements-Driven Information Systems Engineering: The TROPOS Project. Information Systems 27, 365-389 (2002)
24. Mouratidis, H., Giorgini, P., Manson, G.A.: When Security Meets Software Engineering: a Case of Modelling Secure Information Systems. Information Systems 30(8), 609-629 (2005)
25. Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol. 2681, pp. 63-78. Springer, Heidelberg (2003)
26. Genon, N.: Modelling Security during Early Requirements: Contributions to and Usage of a Domain Model for Information System Security Risk Management. Master thesis, University of Namur (2007)
27. Mouratidis, H., Philp, I., Manson, G.: A Novel Agent-Based System to Support the Single Assessment Process of Older People. Journal of Health Informatics 9(3), 149-162 (2003)
28. Mouratidis, H.: A Security Oriented Approach in the Development of Multiagent Systems: Applied to the Management of the Health and Social Care Needs of Older People in England. PhD thesis, Department of Computer Science, University of Sheffield, UK (2004)
29. van Lamsweerde, A., Letier, E.: Handling Obstacles in Goal-oriented Requirements Engineering. Transactions on Software Engineering 26(10), 978-1005 (2000)