Abstract
Requirements engineering, a vital component in successful project development, often pays insufficient attention to security concerns. Further, industry lacks a useful model for incorporating security requirements into project development. Studies show that upfront attention to security saves the economy billions of dollars. Industry is thus in need of a model to examine security and quality requirements in the development stages of the production lifecycle. In this paper, we examine a methodology for both eliciting and prioritizing security requirements on a development project within an organization. We present a model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, and then examine two case studies where the model was applied to a client system. The NSS Program continues to develop this useful model, which has proven effective in helping an organization understand its security posture.
Index Terms
- Security quality requirements engineering (SQUARE) methodology
Security quality requirements engineering (SQUARE) methodology
SESS '05: Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications