Specifying Security at the Systems Analysis Level: Operational, Public-Image and Legal Aspects

Rahimian, Firoozeh; Bajaj, Akhilesh

doi:10.1007/978-3-642-40855-7_4

Firoozeh Rahimian⁷ &
Akhilesh Bajaj⁸

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 161))

Included in the following conference series:

EuroSymposium on Systems Analysis and Design

527 Accesses

Abstract

Current software security approaches involving software and information assurance, involve security activities such as threat modeling, misuse cases, and rigorous testing during the development, implementation and maintenance phases of the software lifecycle. With OPL (operational, public-image, legal) model, we propose that security requirements should be elicited at the data field level from end-users during the requirements modeling phase of the lifecycle. The elicited classification can then be used to drive the process of identifying critical processes of software, which leads to more effective threat modeling and testing regimens downstream.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 54.99; Price excludes VAT (USA)

Softcover Book: USD 72.00; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Owens, D.: Integrating Software Security into The Software Development Lifecycle, IMPACT, http://www.impact-alliance.org (accessed 2013)
Dynamics, General. Venturing Beyond the Castle Walls – The Need for Data-Centric Security Models in Cloud Computing Environments, General Dynamics Information Technology (2012), https://meritalk.com/uploads_resources/000081_4435.pdf
Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall, Indianapolis (2006)
Google Scholar
Rauch, M.: What is Information Assurance, Articlesbase (2009), http://www.articlesbase.com/security-articles/what-is-information-assurance-1142179.html
SAFECode, Software Assurance: An Overview of Current Industry Best Practices, Wakefield, Massachusetts, USA (2008), http://www.safecode.org
Dash, R.: Risk Assessment Techniques for Software Development. European Journal of Scientific Research 42(4), 629–636 (2010), www.eurojournals.com/ejsr.htm
Google Scholar
Le Grand, C.H.: Software Security Assurance: A framework for Software Vulnerability Management and Audit. CHL Global Associates (2005), www.ouncelabs.com
Microsoft, Microsoft Security Development Lifecycle, Simplified Implementation of the Microsoft SDL (2010), http://www.microsoft.com/sdl
Williams, L.: Misuse (or Abuse) Cases, North Carolina State University, North Carolina, United States, http://www.cigital.com/justiceleague/wp-content/uploads/2007/07/touchpoints.gif (accessed 2013)
Steven, J.: Defining Misuse within the Development Process. IEEE Security and Privacy, United States (2006)
Google Scholar
Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Eng. 10, 34–44 (2004)
Article Google Scholar
Myagmar, S., Lee, A.J., Yurcik, W.: Threat Modeling as a Basis for Security Requirements. In: Symposium on Requirements Engineering for Information Security (SREIS), United States (2005)
Google Scholar
Howard, M.: Demystifying the Threat-Modeling Process. IEEE Security and Privacy, United States (2005)
Google Scholar
Etges, R., McNeil, K.: Understanding Data Classification Based on Business and Security Requirements. Journal Online 5 (2006)
Google Scholar
Heiser, J.: Data classification best practices: Techniques, methods and projects, http://www.SearchSecurity.com (accessed 2013)
Verizon, Data-Centric Vulnerability Management (2012), http://www.verizonenterprise.com/resources/whitepaper/wp_data-centric-vulnerability-management_en_xg.pdf
Bajaj, A.: Large Scale Requirements Modeling: an Industry Analysis, A Model and a Teaching Case. Journal of Information Systems Education, United States (2006)
Google Scholar
Bajaj, A. , Large Scale Requirements Modeling, University of Tulsa, United States (2008).
Google Scholar
Bajaj, A.: The Effect of Abstraction of Constructs in Data Models on Modeling Performance: An Exploratory Empirical Study. In: Americas Conference on Information Systems (ACMIS), United States (2010)
Google Scholar

Download references

Author information

Authors and Affiliations

Tandy School of Computer Science, The University of Tulsa, Tulsa, OK, USA
Firoozeh Rahimian
Collins College of Business, The University of Tulsa, Tulsa, OK, USA
Akhilesh Bajaj

Authors

Firoozeh Rahimian
View author publications
You can also search for this author in PubMed Google Scholar
Akhilesh Bajaj
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Business Informatics, University of Gdansk, ul. Piaskowa 9, 81-864, Sopot, Poland
Stanisław Wrycza

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Rahimian, F., Bajaj, A. (2013). Specifying Security at the Systems Analysis Level: Operational, Public-Image and Legal Aspects. In: Wrycza, S. (eds) Information Systems: Development, Learning, Security. SIGSAND/PLAIS 2013. Lecture Notes in Business Information Processing, vol 161. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40855-7_4

Download citation

DOI: https://doi.org/10.1007/978-3-642-40855-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40854-0
Online ISBN: 978-3-642-40855-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics