Title :
Reducing the gap between security audit and software engineering methods
Author :
El rhaffari, Ikram ; Roudies, Ounsa
Author_Institution :
Ecole Mohammadia d'Ing., Mohammed V-Agdal Univ., Rabat, Morocco
Abstract :
The information security aspect has become a major concern for software project leaders. The problem is that software engineers still consider security issues as add-on requirements expressed and verified by “external” actors like auditors or security managers. We aim to help software engineers by identifying precisely what they are expected to do and to deliver at each step, in order to enhance the security level of the targeted information system. In this paper, we focus on merging security issues into the software life cycle. Therefore, we extract security requirements and best practices from security audit methods and embed them in software methods. We consider in particular the well-known UP and MEHARI methods. The idea is to anchor security recommendations from the MEHARI method in the lifecycle of the UP, by means of a meta-modeling approach.
Keywords :
security of data; software engineering; MEHARI method; UP method; add-on requirements; gap reduction; information security aspect; information system; meta-modeling approach; security audit methods; security issues; security level enhancement; security requirement extraction; software engineering methods; software life cycle; software project leaders; IEC standards; ISO standards; Information systems; Security; Software; Software engineering; MDE; Mapping; Mehari; Method mapping; Security Audit; Software engineering; Unified process; anchor;
Conference_Title :
Science and Information Conference (SAI), 2013
Conference_Location :
London