Authors: Roman Wirtz and Maritta Heisel

Affiliation: Working Group Software Engineering, University of Duisburg-Essen, Oststr. 99, Duisburg, Germany

Keyword(s): Security Risk, Risk Management, Risk Treatment, Controls, Requirements Engineering, Model-based, Patterns.

Abstract: In recent years, a significant number of security breaches have been reported. A security breach can lead to value loss for stakeholders, not only financially but also in terms of reputation loss. The likelihood and consequence of a scenario impacting the security of software constitute a risk level. Risk management describes coordinated activities to identify, evaluate, and treat risks. By following the principle of security-by-design and treating risks as early as possible during software development, the costs can be reduced significantly. Based on our previous work to identify and evaluate risks, we aim to assist developers in treating risks in one of the earliest phases, i.e. during requirements engineering. To do so, we propose a stepwise method that allows selecting and documenting suitable countermeasures, i.e. controls. As input, it takes a requirements model and a CORAS security model. A distinguishing feature of our method is that we use patterns in the form of templates to evaluate the effectiveness of controls. Furthermore, we integrate the selected controls into the requirements model following an aspect-oriented approach. The resulting model can be used as input for the design phase, thus helping to create an architecture that considers security right from the beginning.

CC BY-NC-ND 4.0

Paper citation in several formats:
Wirtz, R. and Heisel, M. (2020). Systematic Treatment of Security Risks during Requirements Engineering. In Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE; ISBN 978-989-758-421-3; ISSN 2184-4895, SciTePress, pages 132-143. DOI: 10.5220/0009397001320143

@conference{enase20,
author={Roman Wirtz and Maritta Heisel},
title={Systematic Treatment of Security Risks during Requirements Engineering},
booktitle={Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE},
year={2020},
pages={132-143},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009397001320143},
isbn={978-989-758-421-3},
issn={2184-4895},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Evaluation of Novel Approaches to Software Engineering - ENASE
TI - Systematic Treatment of Security Risks during Requirements Engineering
SN - 978-989-758-421-3
IS - 2184-4895
AU - Wirtz, R.
AU - Heisel, M.
PY - 2020
SP - 132
EP - 143
DO - 10.5220/0009397001320143
PB - SciTePress