Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

机译：基于风险和业务目标的安全需求和对策优先级

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement "good-enough security" but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case.

机译：公司承受着控制其资产的压力，但与此同时，它们必须尽可能高效地运作。这意味着他们旨在实现“足够好的安全性”，但需要能够证明其安全投资计划的合理性。当前，公司通过基于核对表的安全评估来实现这一目标，但是这些方法是达成共识的一种方式，而又不能根据业务目标提供对策的依据。但是，要在网络业务中安全有效地运行，就需要有这样的理由。在本文中，我们首先将基于风险的需求优先级排序方法（RiskREP）与一些需求工程和风险评估方法进行了比较，这些方法基于需求诱导和优先级划分属性。 RiskREP通过基于IT体系结构的风险评估，对策定义和优先级扩展了基于滥用案例的需求工程方法。然后，我们介绍RiskREP如何通过将业务目标与对策规范联系起来来确定对策的优先级。根据业务目标确定对策的优先级，对于为利益相关者提供结构化的论据以选择要实施的对策尤为重要。我们将说明RiskREP以及它如何对应用程序对行动案例提出的对策进行优先排序。

著录项

来源
《Workshops on business informatics research》|2011年|p.64-76|共13页
会议地点 Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV);Riga(LV)
作者
Andrea Herrmann; Ayse Morali; Sandro Etalle; Roel Wieringa;
展开▼
作者单位

Ascure N.V., St. Denijs-Westrem, Belgium;

Eindhoven Technical University, Eindhoven, The Netherlands;

University of Twente, Enschede, The Netherlands;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类电子贸易、网上贸易;
关键词
non-functional requirements; risk assessment; misuse cases; IT architecture; security; prioritization;

机译：非功能性需求；风险评估;滥用案例； IT架构；安全;优先次序;

相似文献

外文文献
中文文献
专利

1. A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities [J] . Golnaz Elahi, Eric Yu, Nicola Zannone Requirements Engineering . 2010,第1期

机译：以漏洞为中心的需求工程框架：基于漏洞分析安全攻击，对策和需求
2. Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns [J] . Raimundas Matulevicius, Naved Ahmed Information Technology . 2013,第6期

机译：使用面向安全风险的模式从业务流程中消除安全要求
3. Fuzzy Interference Approach Based Prioritization of Security Requirements [J] . S. Mithun Brindha, G. Singaravel Indian Journal of Innovations and Developments . 2014,第4期

机译：基于模糊干扰方法的安全需求优先级排序
4. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization [C] . Andrea Herrmann, Ayse Morali, Sandro Etalle, International workshop on alignment of business process and security modeling . 2012

机译：基于风险和业务目标的安全要求和对策优先级
5. Goal-oriented business process monitoring: An approach based on user requirement notation combined with business intelligence and Web services [D] . Chen, Pengfei 2008

机译：面向目标的业务流程监视：一种基于用户需求表示法并结合了商业智能和Web服务的方法
6. Biosafety and biosecurity requirements for Orientia spp. diagnosis and research: recommendations for risk-based biocontainment work practices and the case for reclassification to risk group 2 [O] . Stuart D. Blacksell, Matthew T. Robinson, Paul N. Newton, 2019

机译：Orientia spp的生物安全和生物安全要求。诊断和研究：基于风险的生物遏制工作实践的建议以及将其重新归类为风险组2的案例
7. Risk and Business Goal Based Security Requirement and Countermeasure Prioritization [O] . Herrmann, Andrea, Morali, A., Etalle, Sandro, 2012

机译：基于风险和业务目标的安全需求和对策优先级

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

摘要

著录项

相似文献

相关主题

期刊订阅