A Readiness Model for Security Requirements Engineering
| Autor: | Sajjad Mahmood, Yusuf Mufti, Mohammad Alshayeb, Mahmood Niazi |
|---|---|
| Jazyk: | angličtina |
| Rok vydání: | 2018 |
| Předmět: |
secure requirements engineering
General Computer Science Requirements engineering business.industry Computer science Best practice General Engineering Software development 020207 software engineering 02 engineering and technology Readiness model computer.software_genre Security awareness Domain (software engineering) Engineering management Software Systems development life cycle 0202 electrical engineering electronic engineering information engineering Malware 020201 artificial intelligence & image processing General Materials Science lcsh:Electrical engineering. Electronics. Nuclear engineering business computer lcsh:TK1-9971 |
| Zdroj: | IEEE Access, Vol 6, Pp 28611-28631 (2018) |
| ISSN: | 2169-3536 |
| Popis: | The focus on secure software development has been growing steadily in all phases of the software development life cycle. Security awareness in the requirements engineering stage of software development is important in building secure software. One of the major issues faced by the software industry is that many organizations undertake secure software development initiatives without knowing whether they are ready to undertake them. Currently, there is no model to measure the readiness of security requirements engineering in an organization. The objective of this paper is to develop a security requirements engineering readiness model (SRERM) to enable organizations to assess their security requirements engineering (SRE) readiness levels. In order to achieve this goal, a systematic mapping study was conducted to identify the relevant studies in the SRE domain. A total of 104 primary studies were identified, and available evidence was synthesized into 12 security requirements categories and 76 best practices to build a SRERM. Initially, two case studies were conducted in order to evaluate the SRERM in a real-world environment. Based on the outcomes of the two case studies, some modifications were proposed to further improve the SRERM. After modifying the SRERM, two more case studies were conducted in order to evaluate the modifications made to the SRERM. The case study results indicate that the SRERM has the ability to identify the readiness levels of SRE in the software industry. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|