Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of these mitigations, several researchers have attempted to base risk assessment on argumentation structures. However, none of these approaches have so far been scalable or usable in real-world risk assessments. In this paper, we present the results from our search for a scalable argumentation-based information security RA method. We start from previous work on both formal argumentation frameworks and informal argument structuring and try to find a pro...
This paper proposes using both formal and structured informal arguments to show that an eventual rea...
This chapter presents a process for security requirements elicitation and analysis, based around th...
This paper explores the idea that IT security risk assessment can be formalized as an argumentation ...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
When showing that a software system meets certain security requirements, it is often necessary to wo...
When showing that a software system meets certain security requirements, it is often necessary to wo...
When showing that a software system meets certain security requirements, it is often necessary to wo...
non-peer-reviewed: When showing that a software system meets certain security requirements, it is ofte...
The objective of my research is to improve and support the process of Information security Risk Asse...
The objective of my research is to improve and support the process of Information security Risk Asse...
Most established security risk assessment methodologies aim to produce ranked lists of risks. But ra...
When considering the security of a system, the analyst must simultaneously work with two types of pr...