• DocumentCode
    3077153
  • Title

    Enhancing Use Cases with Subjective Risk Assessment

  • Author

    Arogundade, O.T. ; Jin, Z. ; Yang, X.G.

  • Author_Institution
    Inst. of Syst. Sci., CAS, Beijing, China
  • fYear
    2011
  • fDate
    27-29 June 2011
  • Firstpage
    144
  • Lastpage
    151
  • Abstract
    The aim of this article is to advance the discussion of use-misuse cases as a tool for information system security risk assessment during system development. We closely examined the limitations and came up with some basic pointers that needed to be addressed in order to overcome the limitations. We proposed some solutions to these lacks and present a framework and modeling process to achieve the solutions. We illustrate the use of the proposed model on popular e-shop system as a case study. The proposed model is able to allow managers and system developers to share a commonly understand view concerning the potential impact of various information system related threats that make sense to them within their limited resources.
  • Keywords
    retail data processing; risk management; security of data; e-shop system; information system security risk assessment; subjective risk assessment; use case enhancement; Analytical models; Availability; Information systems; Risk management; Security; Unified modeling language; UML; misuse cases; requirement engineering; risk assessment; scenario; security; use cases;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Secure Software Integration & Reliability Improvement Companion (SSIRI-C), 2011 5th International Conference on
  • Conference_Location
    Jeju Island
  • Print_ISBN
    978-1-4577-0781-0
  • Electronic_ISBN
    978-0-7695-4454-0
  • Type

    conf

  • DOI
    10.1109/SSIRI-C.2011.29
  • Filename
    6004516
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3077153