Title :
Enhancing Use Cases with Subjective Risk Assessment
Author :
Arogundade, O.T. ; Jin, Z. ; Yang, X.G.
Author_Institution :
Inst. of Syst. Sci., CAS, Beijing, China
Abstract :
The aim of this article is to advance the discussion of use-misuse cases as a tool for information system security risk assessment during system development. We closely examined the limitations and came up with some basic pointers that needed to be addressed in order to overcome the limitations. We propose some solutions to these shortcomings and present a framework and modeling process to achieve the solutions. We illustrate the use of the proposed model on a popular e-shop system as a case study. The proposed model allows managers and system developers to share a commonly understood view concerning the potential impact of various information system related threats that make sense to them within their limited resources.
Keywords :
retail data processing; risk management; security of data; e-shop system; information system security risk assessment; subjective risk assessment; use case enhancement; Analytical models; Availability; Information systems; Risk management; Security; Unified modeling language; UML; misuse cases; requirement engineering; risk assessment; scenario; security; use cases;
Conference_Title :
Secure Software Integration & Reliability Improvement Companion (SSIRI-C), 2011 5th International Conference on
Conference_Location :
Jeju Island
Print_ISBN :
978-1-4577-0781-0
Electronic_ISBN :
978-0-7695-4454-0
DOI :
10.1109/SSIRI-C.2011.29