Abstract
Effective network security requirements engineering is needed to help organizations capture cost-effective security solutions that protect networks against malicious attacks while meeting business requirements. The diversity of currently available security requirements engineering methodologies leaves security requirements engineers with an open question: how should one be chosen? We present a global evaluation methodology that we applied during the IREHDO2 project to find a requirements engineering method that could improve network security. Our evaluation methodology includes a process to determine pertinent evaluation criteria and a process to evaluate the requirements engineering methodologies. Our main contribution is to involve stakeholders (i.e., security requirements engineers) in the evaluation process by following a requirements engineering approach. We describe the experiments conducted during the project with security experts and the feedback we obtained. Although we applied it to evaluate three requirements engineering methods (KAOS, STS and SEPP) in the context of network security, our evaluation methodology can be instantiated in other contexts and for other methods.
Funder
Direction Générale de l’Armement
Cited by 7 articles.