security requirement
Recently Published Documents


Total documents: 129 (five years: 34)

H-index: 10 (five years: 1)

2022 ◽  
pp. 247-279
Author(s):  
Inger Anne Tøndel ◽  
Martin Gilje Jaatun

Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in order to bridge the observed gap between software security practices and security risks in many projects today. Particularly, such knowledge can help researchers improve on available practices and recommendations. This article uses the results of published empirical studies on security requirement work to create a conceptual framework that shows key concepts related to work context, this work itself and the effects of this work. The resulting framework points to the following research challenges: 1) Identifying and understanding factors important for the effect of security requirements work; 2) Understanding what is the importance of the chosen requirements approach itself, and; 3) Properly taking into account contextual factors, especially factors related to individuals and interactions, in planning and analysis of empirical studies on security requirements work.


2021 ◽  
Author(s):  
Vijay Mookonil

Abstract. Objective: The objective of this paper is to provide a general understanding and awareness of the physical security requirement in the Oil & Gas industry, explore various physical security solutions and how they differ from network security, highlight its importance, and then explain how it can be achieved in an industrial environment by implementing different layers of security measures.


2021 ◽  
Vol 5 (3) ◽  
pp. 298
Author(s):  
Mohammad Aljanabi ◽  
Shams N. Abd-Alwahab ◽  
RD Rohmat Saedudin ◽  
Hind Raad Ebraheem ◽  
- Defni ◽  
...  

Cloud computing represents a kind of computing that is based on the sharing of computing resources instead of possessing personal devices or local servers for handling several applications and tasks. This kind of computing includes three distinguished kinds of services provided remotely for clients that can be accessed by using the Internet. Typically, clients pay annual or monthly service fees to suppliers in order to gain access to systems that deliver infrastructure as a service, platforms as a service, and software as a service to any subscriber. In this paper, the usefulness and the abuse of cloud computing are briefly discussed and presented by highlighting the influences of cloud computing in different areas. Moreover, this paper also presents the kinds and services of cloud. In addition, the security issues that cover the cloud security solution requirements, and the cloud security issues, which are among the biggest issues in recent years in cloud computing, are presented in this paper. The security requirements needed by cloud computing cover privacy, lack of user control, unauthorized secondary usage, and finally data proliferation and data flow. Meanwhile, the security issues cover ownership of device, the trust issue and legal aspects. To overcome the security issues, this paper also presents a solution at the end.


2021 ◽  
Vol 1 (3) ◽  
pp. 422-452
Author(s):  
Romain Laborde ◽  
Sravani Teja Bulusu ◽  
Ahmad Samer Wazan ◽  
Arnaud Oglaza ◽  
Abdelmalek Benzekri

An effective network security requirement engineering is needed to help organizations in capturing cost-effective security solutions that protect networks against malicious attacks while meeting the business requirements. The diversity of currently available security requirement engineering methodologies leads security requirements engineers to an open question: How to choose one? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirement engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirement engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirement engineering approach. We describe our experiments conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and other methods.


2021 ◽  
Vol 8 (2) ◽  
pp. 34-42
Author(s):  
Kar Yee Chai ◽  
Mohamad Fadli Zolkipli

Information security is very significant and needs to be secured because people rely on networks and communication. Therefore, protecting information is a major challenge as the number of users has increased rapidly in recent years. The aim of this article is to review Confidentiality, Integrity and Availability (CIA) in information security. This article focuses on the issues of information security and the requirements of information security. The articles, journals and conference papers reviewed by the researchers were published in 2016-2021. Security issues are analyzed in the recent methodologies. The result of the relationship between CIA in each information security requirement is at a moderate level. It is suggested that a cybersecurity risk awareness program for society is needed. Therefore, every user could get the full advantages of networks and digital platforms.


2021 ◽  
Vol 4 (1) ◽  
pp. 13-17
Author(s):  
Rahmawati N

The software development process must follow certain stages known as the Software Development Life Cycle (SDLC). In software development, what does not yet appear explicitly in the SDLC is the security aspect. Security should be present at every stage of the SDLC. Software security can start from security requirements, secure design and secure coding through to testing. The coding stage is the implementation of the design in the form of code. Programmers must be careful that there are no security holes when the software is developed. Building software that is secure by design requires consideration of how to handle errors, especially at the coding stage. The Java programming language has properties that reduce the likelihood of data type errors. The language belongs to object-oriented programming. Object-oriented programming is a technique for building a program based on objects and the things those objects can do. The Java language provides exception-handling features, such as the throw statement and the try-catch-finally block. In this language there is exception handling, a mechanism for handling errors that may occur in a program.


2021 ◽  
Author(s):  
Prosper Yeng ◽  
Muhammad Ali Fauzi ◽  
Luyi Sun ◽  
Bian Yang

BACKGROUND: The loss of human lives from cyber-attacks in healthcare is no longer a probabilistic quantification but a reality which has begun. Additionally, the threat scope has expanded to involve threats to national security among others, resulting in surging data breaches within the healthcare sector. For that matter, there have been provisions of various legislations, regulations, and information security governance tools such as policies, standards and directives towards enhancing healthcare information security conscious care behavior among users. But in a research scenario where these required security practices need to be compared with ongoing security practices in healthcare, where can the security requirements pertaining to healthcare be obtained in a comprehensive way? Which of the requirements need more concentration of management, end users or both? OBJECTIVE: The objective of this paper is therefore to systematically identify, assess and analyze the state-of-the-art information security requirements in healthcare. These requirements were used to develop a framework to serve as a yardstick for measuring the security practice of healthcare staff. METHODS: A scoping review was adopted to identify the information security requirement sources within healthcare in Norway, Indonesia, and Ghana. A literature search was conducted in Scopus, PubMed, Google Scholar, IEEE Xplore and other sources such as legal, regulations, directive, policy and code of conduct related databases of Norway/EU, Indonesia and Ghana. The identified sources were reported with a PRISMA diagram in terms of identification, screening, eligibility and inclusion. RESULTS: Out of a total of 180 security and privacy requirement sources which were initially identified, 122 of them were fully read by the authors. Subsequently, 74 of these requirement documents fully met the inclusion criteria and were accessed and analyzed. A total of 68 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing healthcare security practice. CONCLUSIONS: Legal requirements for analyzing healthcare security practice were comprehensively identified and analyzed. The finding was used to develop a framework of which the legal requirement serves as a benchmark for modeling and analyzing healthcare security practice.


2021 ◽  
Author(s):  
Abdelhaliem Babiker

Abstract: In this paper, a new key-agreement scheme is proposed and analyzed. In addition to being provably secure in the shared secret key indistinguishability model under the Decisional Diffie-Hellman assumption for a subgroup of matrices over GF(2) with prime order, which is considered a basic security requirement, the scheme has an interesting feature: it uses exponentiations over a cyclic group using a hidden secret subgroup generator as a platform for the key exchange, whereby, unlike many other exponentiation-based key exchange schemes, it transcends the reliance on intractability of the Discrete Logarithm Problem in its security.


2021 ◽  
Vol 6 (1) ◽  
pp. 45-54
Author(s):  
Agus Hariyadi ◽  
Esti Setyaning Jati ◽  
Nabila Afif ◽  
Alya Farah Taufiqoh

Sliding Sudare has great potential to be developed considering its high effectiveness in minimizing building energy consumption while still maintaining its visibility quality. Meanwhile, its original blinds, which are made of bamboo, cannot withstand extreme weather and have a short lifespan. Therefore, this research investigates the effectiveness of other material alternatives, namely stainless steel, plastic, and natural fiber. A scaled model is used for prototyping the materials in the shape of bicycle spokes, PLA+ (3D printer filament), and bamboo slats as the blinds. These everyday objects were tested in terms of their physical characteristics and were measured by four parameters (security requirement, weather resistance, construction process, and cost-effectiveness). From the research, it was concluded that bicycle spokes have the highest overall performance with the highest advantages in weather resistance requirement, cost-effectiveness, and construction, whilst PLA+ and bamboo slats have the least overall performance though both have a high advantage in terms of security requirement.


Author(s):  
Kavitha D. ◽  
Ravikumar S.

The objective of the research work is to propose a software-based security requirement engineering model using categorical and morphisms theory. The earlier security requirement engineering models focus on different viewpoints on parallel processing and develop rewrite-based knowledge-centred models but do not include different functional mappings between the security objects to select the best strategy. The security models have not considered the needed security functions that are to be implemented in different environments with different levels of execution. The proposed requirement engineering model is based on the formal theory of category of objects and the morphisms between them, in addition to n categories and multiple morphisms that were used to organize the security requirement functional objects of different categories. The on-demand security requirement objects, morphisms and the uncertain events in any one of the subsystems are considered to manage this security requirement category as an algebraic data type. The collection of security requirement objects using classification and clustering techniques is implicitly applied by the formation of category and morphism. The risk and compliances, both in the form of direct and indirect categories, are mapped so as to provide security assurance functors with minimum risk on the requirements to the next design state. An ‘n’ category and ‘n’ morphic model for software security requirements is proposed towards minimum security risks through efficient compliance management techniques.

