Computer-based systems are increasingly being exposed to evolving security threats, which often reveal new vulnerabilities. A formal analysis of the evolving threats is difficult due to a number of practical considerations such as incomplete knowledge about the design, limited information about attacks, and constraints on organisational resources. In our earlier work on RISA (RIsk assessment in Security Argumentation), we showed that informal risk assessment can complement the formal analysis of security requirements. In this paper, we integrate the formal and informal assessment of security by proposing a unified meta-model and an automated tool for supporting security argumentation called OpenRISA. Using a uniform representation of risks ...
When software systems are verified against security requirements, formal and informal arguments prov...
One of the challenges of secure software construction (and maintenance) is to get control over the m...
As previously discussed [13], the challenges to achieve a consistent intertwining between safety and...
When showing that a software system meets certain security requirements, it is often necessary to wo...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
The objective of my research is to improve and support the process of Information security Risk Asse...