A Security Requirements Engineering Process in Practice
نویسندگان
چکیده
منابع مشابه
Applying a Security Requirements Engineering Process
Nowadays, security solutions are mainly focused on providing security defences, instead of solving one of the main reasons for security problems that refers to an appropriate Information Systems (IS) design. In fact, requirements engineering often neglects enough attention to security concerns. In this paper it will be presented a case study of our proposal, called SREP (Security Requirements E...
متن کاملRequirements Engineering Process Models in Practice
Requirements engineering literature presents different models of the requirements engineering process. The process models range from linear to iterative in structure. This paper reports on a study of the requirements engineering processes at two Australian companies. Structured interviews were conducted with the aid of a qualitative questionnaire. The results from the interviews are discussed, ...
متن کاملUnderstanding Requirements Engineering Process: a Challenge for Practice and Education
Reviews of the state of the professional practice in Requirements Engineering (RE) stress that the RE process is both complex and hard to describe, and suggest there is a significant difference between competent and "approved" practice. "Approved" practice is reflected by (in all likelihood, in fact, has its genesis in) RE education, so that the knowledge and skills taught to students do not ma...
متن کاملUsing Requirements Engineering in an Automatic Security Policy Derivation Process
Traditionally, a security policy is defined from an informal set of requirements, generally written using natural language. It is then difficult to appreciate the compatibility degree of the manually generated security policy with the informal requirements definition underpinning specifications appearing in this document. The idea of this paper is to automate the process of deriving the formal ...
متن کاملAgile Security Requirements Engineering
Agile processes have been deemed unsuitable for security sensitive software development as the rigors of assurance are seen to conflict with the lightweight and informal nature of agile processes. However, such apparently conflicting demands may be reconciled by introducing the new notion of abuser stories in the requirements domain. These extend the wellestablished concept of user stories to a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Latin America Transactions
سال: 2007
ISSN: 1548-0992
DOI: 10.1109/tla.2007.4378508