• DocumentCode
    1089179
  • Title

    Considering Operational Security Risk during System Development

  • Author

    Woody, Carol ; Alberts, Christoph

  • Author_Institution
    Software Eng. Inst., Carnegie Mellon Univ., Pittsburgh, PA
  • Volume
    5
  • Issue
    1
  • fYear
    2007
  • Firstpage
    30
  • Lastpage
    35
  • Abstract
    Software products today are riddled with defects, some of which leave systems vulnerable to cyber-attacks. Although high-quality development processes can limit vulnerabilities, these processes alone aren´t sufficient for operational security. The operational security of software-intensive systems is closely linked to the practices and techniques used during system design and development. In this article, we discuss OCTAVE within the context of analyzing an organization´s potential operational security risks for a software-intensive system development project prior to actual deployment
  • Keywords
    computer crime; project management; risk management; safety-critical software; software development management; OCTAVE security risk method; cyber-attacks; operational security risk; software products; software-intensive system development project; Computer security; Contingency management; Disaster management; Information security; Management training; Performance analysis; Privacy; Risk management; Software engineering; Software systems; OCTAVE; operational security; system development;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2007.3
  • Filename
    4085591
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1089179