Identifying threats and risks to complex systems often requires some form of brainstorming. In addition, eliciting security requirements involves making traceable decisions about which risks to mitigate and how. The complexity and dynamics of modern socio-technical systems mean that their security cannot be formally proven. Instead, some researchers have turned to modeling the claims underpinning a risk assessment and the arguments which support security decisions. As a result, several argumentation-based risk analysis and security requirements elicitation frameworks have been proposed. These draw upon existing research in decision making and requirements engineering. Some provide tools to graphically model the underlying argumentation stru...
non-peer-reviewed: When showing that a software system meets certain security requirements, it is ofte...
Abstract. We propose a graphical approach to identify, explain and document security threats and ris...
This paper explores the idea that IT security risk assessment can be formalized as an argumentation ...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
We routinely hear vendors claim that their systems are "secure." However, without knowing what assum...
Abstract—Graph-based assessment formalisms have proven to be useful in the safety, dependability, an...
Software systems are made to evolve in response to changes in their contexts and requirements. As t...