
A Risk-Based Approach to Formalise Information Security Requirements for Software Development

Abstract : A primary source of information security problems is often an excessively complex software design that cannot be easily or correctly implemented, maintained or audited. It is therefore important to establish risk-based information security requirements that can be converted into information security specifications that can be used by programmers to develop security-relevant code. This paper presents a risk-based approach to formalise information security requirements for software development. Based on a formal, structured risk management model, it focuses on how to establish information security requirements to ensure the protection of the information assets implicated. In this way it hopes to provide some educational guidelines on how risk assessment can be incorporated in the education of software developers.
Document type : Conference papers

Cited literature [8 references]

Contributor : Hal Ifip
Submitted on : Thursday, February 9, 2017 - 3:45:16 PM
Last modification on : Thursday, February 9, 2017 - 3:51:56 PM
Long-term archiving on : Wednesday, May 10, 2017 - 2:30:07 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Lynn Futcher, Rossouw Solms. A Risk-Based Approach to Formalise Information Security Requirements for Software Development. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. pp.257-264, ⟨10.1007/978-3-642-39377-8_30⟩. ⟨hal-01463651⟩


