When showing that a software system meets certain security requirements, it is often necessary to work with formal and informal descriptions of the system behavior, vulnerabilities, and threats from potential attackers. In earlier work, Haley et al. [1] showed structured argumentation could deal with such mixed descriptions. However, incomplete and uncertain information, and limited resources force practitioners to settle for good-enough security. To deal with these conditions of practice, we extend the method of Haley et al. with risk assessment. The proposed method, RISA (RIsk assessment in Security Argumentation), uses public catalogs of security expertise to support the risk assessment, and to guide the security argumentation in identif...
The objective of my research is to improve and support the process of Information security Risk Asse...
Over the past decades a significant number of methods to identify and mitigate security risks have b...
Non-peer-reviewed: When showing that a software system meets certain security requirements, it is ofte...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
This paper explores the idea that IT security risk assessment can be formalized as an argumentation ...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
When considering the security of a system, the analyst must simultaneously work with two types of pr...
One of the challenges of secure software construction (and maintenance) is to get control over the m...