Title :
The research and application of security requirements analysis methodology of information systems
Author :
Cui, Jing-Song ; Zhang, Da
Author_Institution :
Coll. of Comput. Sci., Wuhan Univ., Wuhan
Abstract :
Generally, the security requirements analysis is a key process of security requirements engineering which includes the elicitation, analysis, verification and management of security requirements. Based on the existing security requirements analysis theories and approaches, this paper introduces two proposals to analysis the security requirements of information systems. The first proposal based on i* framework is mainly to model security requirements graphically with the help of si*-tool. The second proposal utilizes eight steps to obtain the final categorized and prioritized security requirements by using the techniques such as use/misuse case, attack tree, risk assessment and so on. To make it concrete, we use Disaster Recovery System to illustrate each proposal.
Keywords :
business continuity; information systems; security of data; systems analysis; Disaster Recovery System; attack tree; i* framework; information systems; risk assessment; security requirements analysis; si*-tool; use-misuse case; Computer science; Computer security; Concrete; Data security; Educational institutions; Information analysis; Information security; Information systems; Management information systems; Tree graphs; i* framework; secTropos; security requirements analysis; security resources repository;
Conference_Titel :
Anti-counterfeiting, Security and Identification, 2008. ASID 2008. 2nd International Conference on
Conference_Location :
Guiyang
Print_ISBN :
978-1-4244-2584-6
Electronic_ISBN :
978-1-4244-2585-3
DOI :
10.1109/IWASID.2008.4688352
