Title :
Service Security Requirement Profiles for Telecom: How Software Engineers May Tackle Security
Author :
Zuccato, Albin ; Daniels, Nils ; Jampathom, Cheeverat
Author_Institution :
TeliaSonera, Stockholm, Sweden
Abstract :
Security requirement engineering for services is in practice frequently performed by security non-experts. For them the security requirements and their dependencies are not directly known. To mitigate this, the paper suggests the usage of a business oriented security requirement profiles (e.g. VoIP, IP-TV...) containing information security, privacy, fraud/abuse, resilience and assurance requirements. The criteria and the creation process for such reusable and adaptable profiles are shown. Then the requirement profiles are set in context with a development process. We show how to stepwise adjust the profile to the actual service needs at development stages where the budget and knowledge are available. Finally, experiences from real projects are presented.
Keywords :
formal specification; security of data; telecommunication security; business oriented security requirement profiles; security requirement engineering; service security requirement profiles; software engineers; telecom; Availability; Information security; Privacy; Resilience; Risk analysis; Holistic Security Requirement; Security Requirement Profile; Service Security Requirement;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.81
