Systematic Treatment of Security Risks during Requirements Engineering

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessment techniques with privacy risk assessment techniques. The authors discuss prototype tools that have been developed to support SQUARE for security and privacy as well as recent workshops that have focused on additional results in the security and privacy requirements area. Finally, the authors suggest future research and case studies needed to further contribute to early lifecycle activities that will address security and privacy-related issues.

Download Full-text

Security and Privacy Requirements Engineering

Handbook of Research on Emerging Developments in Data Privacy - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-7381-6.ch010 ◽

2015 ◽

pp. 199-215

Author(s):

Nancy R. Mead ◽

Saeed Abu-Nimeh

Keyword(s):

Risk Assessment ◽

Requirements Engineering ◽

Security Requirements ◽

Security And Privacy ◽

Future Research ◽

Security Risk ◽

Security Risks ◽

Privacy Requirements ◽

Assessment Techniques ◽

Security Risk Assessment

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present the SQUARE security requirements method. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They then present a privacy elicitation technique and subsequently combine security risk assessment techniques with privacy risk assessment techniques. The authors discuss prototype tools that have been developed to support SQUARE for security and privacy as well as recent workshops that have focused on additional results in the security and privacy requirements area. Finally, the authors suggest future research and case studies needed to further contribute to early lifecycle activities that will address security and privacy-related issues.

Download Full-text

Combining Security and Privacy in Requirements Engineering

Information Assurance and Security Technologies for Risk Assessment and Threat Management ◽

10.4018/978-1-61350-507-6.ch011 ◽

2013 ◽

pp. 273-290

Author(s):

Saeed Abu-Nimeh ◽

Nancy R. Mead

Keyword(s):

Risk Assessment ◽

Requirements Engineering ◽

Security Requirements ◽

Security And Privacy ◽

Security Risk ◽

Security Risks ◽

Development Cycle ◽

Assessment Techniques ◽

Security Risk Assessment ◽

Privacy Risks

Security requirements engineering identifies security risks in software in the early stages of the development cycle. In this chapter, the authors present a security requirements approach dubbed SQUARE. They integrate privacy requirements into SQUARE to identify privacy risks in addition to security risks. They present a privacy elicitation technique and then combine security risk assessment techniques with privacy risk assessment techniques.

Download Full-text