How to select a security requirements method? A comparative study with students and practitioners

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7617 LNCS, Issue , 2012, Pages 89-104

  Massacci, Fabio ^a   Paci, Federica ^a  

^a UNIVERSITY OF TRENTO   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION SCENARIO; COMPARATIVE STUDIES; EMPIRICAL EVALUATIONS; QUALITATIVE STUDY; SECURITY MANAGEMENT; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SECURITY RISKS; SOFTWARE LIFE CYCLES;

EDUCATION; LIFE CYCLE; REQUIREMENTS ENGINEERING; RISK PERCEPTION;

INFORMATION TECHNOLOGY;

EID: 84868373023     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-34210-3_7     Document Type: Conference Paper

References (21)

1. Healthcare Collaborative Network Solution Planning and Implementation. Vervante (2006)
2. Asnar, Y., Giorgini, P., Massacci, F., Saidane, A., Bonato, R., Meduri, V., Ricucci, V.: Secure and dependable patterns in organizations: An empirical approach. In: Proc. of RE 2007, pp. 287-292 (2007)
3. Condori-Fernandez, N., Daneva, M., Sikkel, K., Wieringa, R., Dieste, O., Pastor, O.: A systematic mapping study on empirical evaluation of software requirements specifications techniques. In: Proc. of ESEM 2009, pp. 502-505 (2009)
4. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proc. of RE 2005, pp. 167-176 (2005)
5. Grondahl, I.H., Lund, M.S., Stolen, K.: Reducing the effort to comprehend risk models: Text labels are often preferred over graphical means. Risk Analysis 31(11), 1813-1831 (2011)
6. Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Transactions on Software Engineering 34(1), 133-153 (2008)
7. Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: An analysis of the security patterns landscape. In: Proc. of the 3rd Int. Workshop on Soft. Eng. for Secure Systems, SESS 2007, p. 3. IEEE Computer Society (2007)
8. Hogganvik, I., Stølen, K.: A Graphical Approach to Risk Identification, Motivated by Empirical Investigations. In: Wang, J., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 574-588. Springer, Heidelberg (2006)
9. ITGI. CoBIT - Framework Control Objectives Management Guidelines Maturity Models, 4.1 ed. The IT Governance Institute (2007)
10. Jürjens, J.: UMLsec: Extending UML for Secure Systems Development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412-425. Springer, Heidelberg (2002)
11. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426-441. Springer, Heidelberg (2002)
12. Lund, M.S., Solhaug, B., Stolen, K.: A guided tour of the coras method. In: Model- Driven Risk Analysis, pp. 23-43. Springer (2011)
13. McGraw, G., Chess, B., Migues, S.: Building Security In Maturity Model (BSIMM3), 3rd edn. Cigital Inc. (2011)
14. Mead, N.R., Stehney, T.: Security quality requirements engineering (square) methodology. SIGSOFT Softw. Eng. Notes 30(4), 1-7 (2005)
15. Microsoft Security Development Life Cycle. Microsft sdl website (2011), http://www.microsoft.com/security/sdl/default.aspx
16. Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. In: Eder, J., Missikoff, M. (eds.) CAiSE 2003. LNCS, vol. 2681, pp. 1031-1031. Springer, Heidelberg (2003)
17. NIST Comp. Security Division. Recommended security controls for federal information systems and organizations. Tech. Rep. 800-53, U.S. Nat. Inst. of Standards and Technology, Rev. 3 (2009)
18. Opdahl, A.L., Sindre, G.: Experimental comparison of attack trees and misuse cases for security threat identification. Inf. Softw. Technol. 51(5), 916-932 (2009)
19. Potts, C.: Software-engineering research revisited. IEEE Softw. 10(5), 19-28 (1993)
20. The Open Web Application Security Project. Owasp website (2011), http://www.owasp.org
21. Yskout, K., Scandariato, R., Joosen, W.: Change patterns: Co-evolving requirements and architecture. Soft. and Sys. Modeling J. (2012)