Title :
Utilizing security requirements engineering methods for operational security maintenance purposes
Author :
Abuosba, Khalil ; El-Sheikh, Asim ; Martin, Clemens
Author_Institution :
Arab Acad. for Banking & Financial Sci., Cairo
Abstract :
Secure systems are achieved by implementing appropriate controls and policies specified based on appropriate selection of minimum security requirements. Maintaining security for these systems is a major challenge. Systems may encounter threats that may arise due to exploitation of vulnerabilities or due to programming flaws. In this work we address security requirements engineering approaches and focus primarily on methods that may be utilized for the purpose of investigating incidents. We have shown empirically that threats may be identified by using methods such as faults trees; and systematically that by using other methods such as events trees, incidents may be avoided or prevented.
Keywords :
invasive software; program debugging; systems analysis; fault tree; operational security maintenance purpose; programming flaw; security requirements engineering method; threat identification; Banking; Computer bugs; Computer security; Control systems; Fault diagnosis; Maintenance engineering; Monitoring; Programming; Quality management; Risk management; Security; event; fault; maintenance; trees;
Conference_Titel :
Electrical and Computer Engineering, 2008. CCECE 2008. Canadian Conference on
Conference_Location :
Niagara Falls, ON
Print_ISBN :
978-1-4244-1642-4
Electronic_ISBN :
0840-7789
DOI :
10.1109/CCECE.2008.4564864
