Title :
Considering Operational Security Risk during System Development
Author :
Woody, Carol ; Alberts, Christoph
Author_Institution :
Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA
Abstract :
Software products today are riddled with defects, some of which leave systems vulnerable to cyber-attacks. Although high-quality development processes can limit vulnerabilities, these processes alone aren't sufficient for operational security. The operational security of software-intensive systems is closely linked to the practices and techniques used during system design and development. In this article, we discuss OCTAVE within the context of analyzing an organization's potential operational security risks for a software-intensive system development project prior to actual deployment.
Keywords :
computer crime; project management; risk management; safety-critical software; software development management; OCTAVE security risk method; cyber-attacks; operational security risk; software products; software-intensive system development project; Computer security; Contingency management; Disaster management; Information security; Management training; Performance analysis; Privacy; Risk management; Software engineering; Software systems; OCTAVE; operational security; system development;
Journal_Title :
Security & Privacy, IEEE