A Risk-Based Approach to Formalise Information Security Requirements for Software Development

机译：一种基于风险的方法来正式制定软件开发的信息安全要求

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

A primary source of information security problems is often an excessively complex software design that cannot be easily or correctly implemented, maintained nor audited. It is therefore important to establish risk-based information security requirements that can be converted into information security specifications that can be used by programmers to develop security-relevant code. This paper presents a risk-based approach to formalise information security requirements for software development. Based on a formal, structured risk management model, it focuses on how to establish information security requirements to ensure the protection of the information assets implicated. In this way it hopes to provide some educational guidelines on how risk assessment can be incorporated in the education of software developers.

机译：信息安全问题的主要来源通常是过于复杂的软件设计，无法轻松或正确地实施，维护或审核。因此，建立基于风险的信息安全要求非常重要，该要求可以转换为信息安全规范，程序员可以使用该规范来开发与安全相关的代码。本文提出了一种基于风险的方法来规范软件开发的信息安全要求。在一个正式的，结构化的风险管理模型的基础上，它着重于如何建立信息安全要求以确保对所涉及的信息资产的保护。它希望以此方式提供一些有关如何将风险评估纳入软件开发人员教育的教育指导。

著录项

来源
《Information assurance and security education and training》|2013年|257-264|共8页
会议地点 Auckland(NZ);Lucerne(CH);Bento Goncalves(BR)
作者
Lynn Futcher; Rossouw von Solms;
展开▼
作者单位

Nelson Mandela Metropolitan University, Port Elizabeth, South Africa;

Nelson Mandela Metropolitan University, Port Elizabeth, South Africa;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Information security; security requirements; risk analysis; risk assessment; risk treatment; risk-based approach;

机译：信息安全;安全要求；风险分析;风险评估;风险处理；基于风险的方法;

相似文献

外文文献
中文文献
专利

1. A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes [J] . Annette Tetmeyer, Daniel Hein, Hossein Saiedian International journal of secure software engineering . 2014,第4期

机译：在非传统软件开发过程中提取安全要求的标记方法
2. Towards ontological approach to eliciting risk-based security requirements [J] . Oluwasefunmi Tale Arogundade, Zhi Jin, Xiaoguang Yang International journal of information and computer security . 2014,第2期

机译：迈向基于风险的安全需求的本体论方法
3. An Exhaustive Requirement Analysis Approach to Estimate Risk Using Requirement Defect and Execution Flow Dependency for Software Development [J] . Chetna Gupta, Priyanka Chandani Journal of information technology research . 2018,第2期

机译：使用需求缺陷和执行流依赖性进行软件开发的风险估计的详尽需求分析方法
4. A Risk-Based Approach to Formalise Information Security Requirements for Software Development [C] . Lynn Futcher, Rossouw von Solms World Conference on Information Security Education . 2013

机译：基于风险的方法来形式化软件开发信息安全要求的方法
5. A POS Tagging Approach to Capture Security Requirements within an Agile Software Development Process [D] . Tetmeyer, Annette 2013

机译：POS标记方法可在敏捷软件开发过程中捕获安全需求
6. A fuzzy TOPSIS based analysis toward selection of effective security requirements engineering approach for trustworthy healthcare software development [O] . Md Tarique Jamal Ansari, Fahad Ahmed Al-Zahrani, Dhirendra Pandey, 2020

机译：基于模糊的TopSis对有效安全要求工程方法的选择分析可靠性医疗软件开发
7. A Risk-Based Approach to Formalise Information Security Requirements for Software Development [O] . Futcher, Lynn, Solms, Rossouw, 2009

机译：一种基于风险的方法来正式制定软件开发的信息安全要求
8. Formalisation and Representation of a Product-Driven Approach to Method Assemblyfor Situational Systems Development [R] . Harmsen, F., Brinkkemper, S. 1994

机译：形式化和表示产品驱动的方法组装方法开发

A Risk-Based Approach to Formalise Information Security Requirements for Software Development

摘要

著录项

相似文献

相关主题

期刊订阅