Franqueira, Virginia Nunes Leal (2011) Towards Agile Security Risk Management in RE and Beyond. In: First International Workshop on Empirical Requirements Engineering (EmpiRE), 2011. Institute of Electrical and Electronics Engineers (IEEE), Trento, pp. 33-36. ISBN 978-1-4577-1075-9
Full text not available from this repository.
Official URL: http://dx.doi.org/10.1109/EmpiRE.2011.6046253
Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations but they do not provide an overview of the overall security state of the system being developed. This paper takes the position that (1) these isolated security assurance practices should be fully integrated and should be embedded in short iterations of risk assessment, treatment and acceptance, providing input for updating security requirements and for security risk management, and that (2) available empirical data from public catalogs and databases should be used as a source of expertise, to leverage past experiences, and therefore reduce, although not eliminate, subjectivity of human judgment. Borrowing from the agile software development and project management philosophy, we introduce the idea of a light weight, agile approach to security risk management integrated to the development life cycle.
|Item Type:||Book Section|
|Uncontrolled Keywords (separate with ;):||Information Security Risk Management; Agile Software Development; Secure Engineering; Security Assurance|
|Subjects:||Computer science > Computer architectures & operating systems|
|Schools:||Faculty of Science and Technology > School of Physical Sciences and Computing|
|Deposited By:||Carmit Erez|
|Deposited On:||05 Nov 2012 13:50|
|Last Modified:||17 May 2016 12:34|
Downloads per month over past year
Downloads for past 30 days
Repository Staff Only: item control page