Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development

Author: Nicolas Genon, Raimundas Matulevičius, Haralambos Mouratidis, Patrick Heymans, Nicolas Mayer, Eric Dubois
Year of publication: 2008
Subject:
Source: Notes on Numerical Fluid Mechanics and Multidisciplinary Design ISBN: 9783319981765
CAiSE
DOI: 10.1007/978-3-540-69534-9_40
Description: Security is a major target for today's information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.
Database: OpenAIRE