DocumentCode
2185394
Title
Reducing the gap between security audit and software engineering methods
Author
El rhaffari, Ikram ; Roudies, Ounsa
Author_Institution
Ecole Mohammadia d'Ing., Mohammed V-Agdal Univ., Rabat, Morocco
fYear
2013
fDate
7-9 Oct. 2013
Firstpage
255
Lastpage
262
Abstract
The information security aspect has become a major concern for software project leaders. The problem is that software engineers still consider security issues as add-on requirements expressed and verified by “external” actors like auditors or security managers. We aim to help software engineers by identifying precisely what they are expected to do and to deliver at each step, in order to enhance the security level of the targeted information system. In this paper, we focus on merging security issues into the software life cycle. Therefore, we extract security requirements and best practices from security audit methods and embed them in software methods. We consider in particular the well-known UP and MEHARI methods. The idea is to anchor security recommendations from the MEHARI method in the lifecycle of the UP, by means of a meta-modeling approach.
Keywords
security of data; software engineering; MEHARI method; UP method; add-on requirements; gap reduction; information security aspect; information system; meta-modeling approach; security audit methods; security issues; security level enhancement; security requirement extraction; software engineering methods; software life cycle; software project leaders; IEC standards; ISO standards; Information systems; Security; Software; Software engineering; MDE; Mapping; Mehari; Method mapping; Security Audit; Software engineering; Unified process; anchor;
fLanguage
English
Publisher
ieee
Conference_Titel
Science and Information Conference (SAI), 2013
Conference_Location
London
Type
conf
Filename
6661748