Published: Jan 1, 2015
DOI: 10.4018/ijsse.20150101.pre
Volume 6
Kristian Beckers, Shamal Faily, Seok-Won Lee, Nancy Mead
Cite Article
MLA
Beckers, Kristian, et al. "Special Issue on Evolving Security and Privacy Requirements Engineering (ESPRE'14) 2014, Sweden." IJSSE vol.6, no.1 2015: pp.4-7. http://doi.org/10.4018/ijsse.20150101.pre
APA
Beckers, K., Faily, S., Lee, S., & Mead, N. (2015). Special Issue on Evolving Security and Privacy Requirements Engineering (ESPRE'14) 2014, Sweden. International Journal of Secure Software Engineering (IJSSE), 6(1), 4-7. http://doi.org/10.4018/ijsse.20150101.pre
Chicago
Beckers, Kristian, et al. "Special Issue on Evolving Security and Privacy Requirements Engineering (ESPRE'14) 2014, Sweden," International Journal of Secure Software Engineering (IJSSE) 6, no.1: 4-7. http://doi.org/10.4018/ijsse.20150101.pre
Published: Jan 1, 2015
DOI: 10.4018/ijsse.2015010101
Volume 6
Nancy R. Mead, Jose Andre Morales, Gregory Paul Alice
In this paper, the authors propose to enhance current software development lifecycle models by implementing a process for including use cases that are based on previous cyberattacks and their associated malware. Following the proposed process, the authors believe that developers can create future systems that are more secure, from inception, by including use cases that address previous attacks. In support of this, the authors present a case study of a malware sample that is used to generate new requirements for a mobile application.
Cite Article
MLA
Mead, Nancy R., et al. "A Method and Case Study for Using Malware Analysis to Improve Security Requirements." IJSSE vol.6, no.1 2015: pp.1-23. http://doi.org/10.4018/ijsse.2015010101
APA
Mead, N. R., Morales, J. A., & Alice, G. P. (2015). A Method and Case Study for Using Malware Analysis to Improve Security Requirements. International Journal of Secure Software Engineering (IJSSE), 6(1), 1-23. http://doi.org/10.4018/ijsse.2015010101
Chicago
Mead, Nancy R., Jose Andre Morales, and Gregory Paul Alice. "A Method and Case Study for Using Malware Analysis to Improve Security Requirements," International Journal of Secure Software Engineering (IJSSE) 6, no.1: 1-23. http://doi.org/10.4018/ijsse.2015010101
Published: Jan 1, 2015
DOI: 10.4018/ijsse.2015010102
Volume 6
Azadeh Alebrahim, Denis Hatebur, Stephan Fassbender, Ludger Goeke, Isabelle Côté
To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.
Cite Article
MLA
Alebrahim, Azadeh, et al. "A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems." IJSSE vol.6, no.1 2015: pp.24-46. http://doi.org/10.4018/ijsse.2015010102
APA
Alebrahim, A., Hatebur, D., Fassbender, S., Goeke, L., & Côté, I. (2015). A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems. International Journal of Secure Software Engineering (IJSSE), 6(1), 24-46. http://doi.org/10.4018/ijsse.2015010102
Chicago
Alebrahim, Azadeh, et al. "A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems," International Journal of Secure Software Engineering (IJSSE) 6, no.1: 24-46. http://doi.org/10.4018/ijsse.2015010102
Published: Jan 1, 2015
DOI: 10.4018/ijsse.2015010103
Volume 6
Wolfgang Raschke, Massimiliano Zilli, Philip Baumgartner, Johannes Loinig, Christian Steger, Christian Kreiner
At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In today's volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.
Cite Article
MLA
Raschke, Wolfgang, et al. "Balancing Product and Process Assurance for Evolving Security Systems." IJSSE vol.6, no.1 2015: pp.47-75. http://doi.org/10.4018/ijsse.2015010103
APA
Raschke, W., Zilli, M., Baumgartner, P., Loinig, J., Steger, C., & Kreiner, C. (2015). Balancing Product and Process Assurance for Evolving Security Systems. International Journal of Secure Software Engineering (IJSSE), 6(1), 47-75. http://doi.org/10.4018/ijsse.2015010103
Chicago
Raschke, Wolfgang, et al. "Balancing Product and Process Assurance for Evolving Security Systems," International Journal of Secure Software Engineering (IJSSE) 6, no.1: 47-75. http://doi.org/10.4018/ijsse.2015010103