The Open University
 

Towards agile security risk management in RE and beyond

Franqueira, Virginia N. L.; Bakalova, Zornitza; Tun, Thein Than and Daneva, Maya (2011). Towards agile security risk management in RE and beyond. In: International Workshop on Empirical Requirements Engineering, 30 August 2011, Trento, Italy, pp. 33–36.

URL: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumb...
DOI (Digital Object Identifier) Link: http://dx.doi.org/10.1109/EmpiRE.2011.6046253

Abstract

Little attention has been given so far to the process of security risk management at the early stages of system development. Security has been addressed by isolated security assurance practices, some of which consider risks and mitigations, but they do not provide an overview of the overall security state of the system being developed. This paper takes the position that (1) these isolated security assurance practices should be fully integrated and should be embedded in short iterations of risk assessment, treatment and acceptance, providing input for updating security requirements and for security risk management, and that (2) available empirical data from public catalogs and databases should be used as a source of expertise, to leverage past experiences, and therefore reduce, although not eliminate, subjectivity of human judgment. Borrowing from the agile software development and project management philosophy, we introduce the idea of a lightweight, agile approach to security risk management integrated into the development life cycle.

Item Type: Conference Item
Copyright Holders: IEEE 2011
Project Funding Details:
Funded Project Name | Project ID | Funding Body
Not Set | Not Set | SecureChange
Extra Information: ISBN: 978-1-4577-10785-9
Keywords: agile software development; information security risk management; secure engineering; security assurance
Academic Unit/Department: Mathematics, Computing and Technology > Computing & Communications
Interdisciplinary Research Centre: Centre for Research in Computing (CRC)
Item ID: 29982
Depositing User: Thein Tun
Date Deposited: 09 Nov 2011 10:02
Last Modified: 04 Dec 2012 09:59
URI: http://oro.open.ac.uk/id/eprint/29982