A Risk-Based Approach to Formalise Information Security Requirements for Software Development

Abstract: A primary source of information security problems is often an excessively complex software design that cannot be easily or correctly implemented, maintained or audited. It is therefore important to establish risk-based information security requirements that can be converted into information security specifications that can be used by programmers to develop security-relevant code. This paper presents a risk-based approach to formalise information security requirements for software development. Based on a formal, structured risk management model, it focuses on how to establish information security requirements to ensure the protection of the information assets implicated. In this way it hopes to provide some educational guidelines on how risk assessment can be incorporated in the education of software developers.
Document type: Conference paper
Ronald C. Dodge; Lynn Futcher. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. Springer, IFIP Advances in Information and Communication Technology, AICT-406, pp.257-264, 2013, Information Assurance and Security Education and Training. 〈10.1007/978-3-642-39377-8_30〉
Cited literature: 8 references

https://hal.inria.fr/hal-01463651
Contributor: Hal Ifip
Submitted on: Thursday, 9 February 2017 - 15:45:16
Last modified on: Thursday, 9 February 2017 - 15:51:56
Document(s) archived on: Wednesday, 10 May 2017 - 14:30:07

File

978-3-642-39377-8_30_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Lynn Futcher, Rossouw Solms. A Risk-Based Approach to Formalise Information Security Requirements for Software Development. Ronald C. Dodge; Lynn Futcher. 8th World Conference on Information Security Education (WISE), Jul 2009, Bento Gonçalves, Brazil. Springer, IFIP Advances in Information and Communication Technology, AICT-406, pp.257-264, 2013, Information Assurance and Security Education and Training. 〈10.1007/978-3-642-39377-8_30〉. 〈hal-01463651〉

Metrics

Record views: 29

File downloads: 7