DocumentCode :
1798739
Title :
Security triage: A report of a lean security requirements methodology for cost-effective security analysis
Author :
Giacalone, Matteo ; Mammoliti, Rocco ; Massacci, F. ; Paci, Federica ; Perugino, Rodolfo ; Selli, Claudio
Author_Institution :
Security & Safety, Poste Italiane SpA, Rome, Italy
fYear :
2014
fDate :
25-25 Aug. 2014
Firstpage :
25
Lastpage :
27
Abstract :
Poste Italiane is a large corporation offering integrated services in banking and savings, postal services, and mobile communication. Every year, it receives thousands of change requests for its ICT services. Applying to each and every request a security assessment “by the book” is simply not possible. We report the experience by Poste Italiane of a lean methodology to identify security requirements that can be inserted in the production cycle of a normal company. The process is based on surveying the overall IT architectures (Security Survey) and then a lean dynamic process (Security Triage) to evaluate individual change requests, so that important changes get the attention they need, minor changes can be quickly implemented, and compliance and security obligations are met.
Keywords :
security of data; service industries; ICT services; Poste Italiane; cost-effective security analysis; information and communication technology; lean dynamic process; lean methodology; lean security requirements methodology; security obligations; security survey; security triage; Companies; Economics; Law; Security; Standards;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Empirical Requirements Engineering (EmpiRE), 2014 IEEE Fourth International Workshop on
Conference_Location :
Karlskrona
Type :
conf
DOI :
10.1109/EmpiRE.2014.6890112
Filename :
6890112