Title :
Security Requirement Engineering at a Telecom Provider
Author :
Zuccato, Albin ; Endersz, Viktor ; Daniels, Nils
Author_Institution :
TeliaSonera Security Res. Group, Stockholm
Abstract :
To offer competitive products and services in the telecom business information security serves as an enabler and competitive factor. Unfortunately, traditional risk analysis and security engineering methods have shown to suffer from several shortcomings when applied to the telecom business. To overcome these shortcomings we propose a security engineering method called SKYDD covering information, infrastructure, and business requirements based on information classification. The method uses a combination of reference tables and checklists and addresses many of the shortcomings of traditional methods. Well-integrated into the development process SKYDD has proven to simplify security requirement gathering, reduce lead times and provide consistent requirements across different projects and project organizations, much of this due to the fact that the method is designed to be used by non-security experts.
Keywords :
formal specification; telecommunication security; telecommunication services; SKYDD covering information; checklists; information classification; reference tables; security requirement engineering; telecom business information security; telecom provider; Availability; Design methodology; Information security; Lead time reduction; Mathematical model; Protection; Reliability engineering; Risk analysis; Risk management; Telecommunications;
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
DOI :
10.1109/ARES.2008.14
