Enterprise Assets Security Requirements Construction from ESRMG Grammar based on Security Patterns
Authors: K. Supaporn, N. Prompoon, Thongchai Rojkangsadan
Published in: 14th Asia-Pacific Software Engineering Conference (APSEC'07), 2007-12-04
DOI: 10.1109/APSEC.2007.50 (https://doi.org/10.1109/APSEC.2007.50)
Security requirements are among the highest-priority system requirements in the software development industry. However, identifying complete and correct software security requirements is a challenging task, especially when creating enterprise assets security requirements. Enterprise assets security requirements identify basic security needs, assess risks, establish security approaches and services, and specify external enterprise considerations, including confidentiality, integrity, availability, and accountability concerns. Moreover, these may be applied to other security requirements such as identification and authentication, access control, firewall architecture, etc. Security patterns may be used to create these security requirements, but understanding, analyzing, and transforming security patterns into security requirements is difficult to accomplish. We proposed a grammar, called ESRMG (enterprise security and risk management grammar), and a prototyping tool based on security patterns in the scope of enterprise asset identification and risk management, which are the foundation of enterprise security requirements. The proposed grammar and tool are beneficial for any organization constructing enterprise security requirements and may help reduce the overall cost and time of system development.