F – VIVAN Kourosh
Authors
Universidad de Murcia
Ambrosio TOVAL, Reader in Software Engineering in the Department of Computing
Joaquin NICOLAS
Begona MOROS, lecturer. She has a background in prototyping environments, software development and requirements engineering (RE)
Universidad Politécnica de Valencia
Fernando GARCÍA
VIVAN Kourosh - ME 2013
Origins
CARMMA project: develop a risk analysis using MAGERIT in the Regional Information Systems and Telecommunications Office
One year / 5 analysts / 50 stakeholders
Results
Countermeasure costs could be lower if assets were developed taking security issues into account from the beginning. But MAGERIT countermeasures are linked to threats, not assets.
Purpose
The method takes place during elicitation and specification
It uses a reused repository that contains requirements from MAGERIT
The method focuses on the security of information systems
The method's results are: specification documents and testing documents
Main phases
1. Requirements selection
2. Analysis and negotiation
3. Documentation
4. Repository improvement
5. Validation
Create reused repository
Reused repository
Classified by domains and profiles
Domains: finance, shop...
Profiles: personal data law privacy, information system security…
Requirements can be parameterized or not
Requirements selection
Analysis and negotiation
Documentation
Repository improvement & Validation
Related literature
Toval, A., Nicolás, J., Moros, B., & García, F. (2002). Requirements reuse for improving information systems security: a practitioner’s approach. Requirements Engineering, 6(4).
Sindre, G., Firesmith, D. G., & Opdahl, A. L. (2003, June). A reuse-based approach to determining security requirements. In Proceedings of the 9th international workshop on requirements engineering: foundation for software quality (REFSQ’03), Klagenfurt, Austria.
Gutiérrez, C., Moros, B., Toval, A., Fernández-Medina, E., & Piattini, M. (2005, August). Security requirements for web services based on SIREN. In Symposium on Requirements Engineering for Information Security, Paris, France.
Tsang, V. W. S. Towards Analysis of Templates for Security Requirements (Doctoral dissertation, University of Auckland).
PDD
Deliverables
Example
SyRS S42. The maintainability contract of the electronic equipment shall include a clause enforcing the supplier to make a commitment to solve any failure in less than [time in minutes].
SyRS: System Requirement Specification document
3.5.2: Section number
3.5 System attributes
S42: Security requirement 42
IEEE 1233 standard