• DocumentCode
    3372035
  • Title

    An Organizational Framework for Building Secure Software

  • Author

    Hamou-Lhadj, Abdelwahab

  • Author_Institution
    Concordia Univ., Montreal, QC
  • fYear
    2008
  • fDate
    24-26 April 2008
  • Firstpage
    457
  • Lastpage
    460
  • Abstract
    In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built. Unlike existing studies that focus on security only from the technological point of view, in this paper, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool that can be used by software companies to cope with the increasing customer demand for secure software.
  • Keywords
    formal specification; safety-critical software; business process management; organizational framework; secure software system; security requirement; software development; Buildings; Companies; Information security; Power system security; Programming; Project management; Software development management; Software systems; Software testing; Software tools; Software security; organizational frameworks; security support framework; software assurance;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Assurance, 2008. ISA 2008. International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3126-7
  • Type

    conf

  • DOI
    10.1109/ISA.2008.105
  • Filename
    4511610