Conference papers

A Risk-Based Approach to Formalise Information Security Requirements for Software Development

Abstract: A primary source of information security problems is often an excessively complex software design that cannot be easily or correctly implemented, maintained or audited. It is therefore important to establish risk-based information security requirements that can be converted into information security specifications that can be used by programmers to develop security-relevant code. This paper presents a risk-based approach to formalise information security requirements for software development. Based on a formal, structured risk management model, it focuses on how to establish information security requirements to ensure the protection of the information assets implicated. In this way it hopes to provide some educational guidelines on how risk assessment can be incorporated in the education of software developers.

Cited literature: 8 references

https://hal.inria.fr/hal-01463651
Contributor: Hal Ifip
Submitted on: Thursday, February 9, 2017 - 3:45:16 PM
Last modification on: Thursday, February 9, 2017 - 3:51:56 PM
Long-term archiving on: Wednesday, May 10, 2017 - 2:30:07 PM

File

978-3-642-39377-8_30_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Lynn Futcher, Rossouw Solms. A Risk-Based Approach to Formalise Information Security Requirements for Software Development. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. pp.257-264, ⟨10.1007/978-3-642-39377-8_30⟩. ⟨hal-01463651⟩

Metrics

Record views: 124

File downloads: 229