Friday, September 22, 2017

Entries for the 'Security Requirements' Category

30

Most requirements engineers are poorly trained to elicit, analyze, and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill them. They thus end up specifying architecture and design constraints rather than true security requirements.

[Read the rest of this article...]

30

This is a great presentation by Donald Firesmith covering the topic of Reusable Security Requirements.
 

[Read the rest of this article...]

30

There are many requirements elicitation methods, but we seldom see elicitation performed specifically for security requirements. One reason for this is that few elicitation methods are specifically directed at security requirements. Another factor is that organizations seldom address security requirements elicitation specifically and instead lump them in with other traditional requirements elicitation methods.

This article describes an approach for doing trade-off analysis among requirements elicitation methods. Several case studies were conducted in security requirements elicitation; the detailed results of one case study and brief results of two other case studies are presented here.

[Read the rest of this article...]

Copyright 2009-2014 by Modern Analyst Media LLC