A comparison of security requirements engineering methods
This paper presents a conceptual framework for security engineering, with a strong focus on
security requirements elicitation and analysis. This conceptual framework establishes a …
A systematic approach to define the domain of information system security risk management
Today, security concerns are at the heart of information systems, both at technological and
organizational levels. With over 200 practitioner-oriented risk management methods and …
A systematic review and analytical evaluation of security requirements engineering approaches
Security is an inevitable concern in today's scenario of software-based application's
pervasiveness and development practices. Researchers and practitioners frequently …
Experimental comparison of attack trees and misuse cases for security threat identification
A number of methods have been proposed or adapted to include security in the
requirements analysis stage, but the industrial take-up has been limited and there are few …
A new comprehensive framework for enterprise information security risk management
MS Saleh, A Alfantookh - Applied computing and informatics, 2011 - Elsevier
With the wide spread use of e-transactions in enterprises, information security risk
management (ISRM) is becoming essential for establishing a safe environment for their …
A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities
Many security breaches occur because of exploitation of vulnerabilities within the system.
Vulnerabilities are weaknesses in the requirements, design, and implementation, which …
Approaches to develop and implement ISO/IEC 27001 standard-information security management systems: A systematic literature review
D Ganji, C Kalloniatis, H Mouratidis… - Int. J. Adv …, 2019 - researchgate.net
This systematic literature review intends to determine the extent to which contribution is
available to assist organisations and interested parties to understand better or comply with …
A survey of information security risk analysis methods
A Behnia, R Abd Rashid, JA Chaudhry - SmartCR, 2012 - dbpia.co.kr
There are already many models of risk assessment and more are emerging every day. They
all have the same fundamental target, but most attempt to hit the target from very different …
Alignment of misuse cases with security risk management
R Matulevicius, N Mayer… - 2008 Third International …, 2008 - ieeexplore.ieee.org
It is recognised that security has to be addressed through the whole system development
process. However current practices address security only in late stages, ie, development or …
Adapting Secure Tropos for security risk management in the early phases of information systems development
Security is a major target for today's information systems (IS) designers. Security modelling
languages exist to reason on security in the early phases of IS development, when the most …