RiskREP: Risk-Based Security Requirements Elicitation and Prioritization

Author

  • Sandro Etalle
Abstract

Today, companies are required to be in control of the security of their IT assets. This is especially challenging in the presence of limited budgets and conflicting requirements. Here, we present Risk-Based Requirements Elicitation and Prioritization (RiskREP), a method for managing IT security risks by combining the results of a top-down requirements analysis with a bottom-up risk analysis. Top-down, it prioritizes security goals and from there it derives verifiable requirements. Bottom-up, it analyzes IT architectures in order to identify security risks in the form of critical components. Linking these critical components to security requirements helps to analyze the effects of these requirements on business goals, and to prioritize security requirements. The security requirements also are the basis for deriving test cases for security analysis and compliance monitoring.


Similar resources

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without bei...


Eliciting Stakeholder Preferences for Requirements Prioritization

Requirements engineering is a very critical phase in software development process. Requirements can be interpreted as basic decision alternatives which have to be negotiated by stakeholders. In this paper we present the results of an empirical study which focused on the analysis of key influence factors of successful requirements prioritization. This study has been conducted within the scope of...


Supporting the Requirements Prioritization Process. A Machine Learning approach

Requirements prioritization plays a key role in the requirements engineering process, in particular with respect to critical tasks such as requirements negotiation and software release planning. This paper presents a novel framework which is based on a requirements prioritization process that interleaves human and machine activities, enabling for an accurate prioritization of requirements. Simi...


Security Requirements Engineering: Analysis and Prioritization

With the increase in the use of software system, security requirement engineering becomes an emergent area of study. Security requirements are constraints to a system which must be satisfied for consistent system. Most of the software engineering processes deals with security constraints during the design or implementation phases which may result into unnecessary constrained system. So the need...

Publication date: 2010