By Topic

Enterprise Assets Security Requirements Construction from ESRMG Grammar based on Security Patterns

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)

One of the highest priorities of system requirements needed in software development industry is security requirements. However, to identify the complete and correct software security requirements are a challenging task especially creating enterprise assets security requirements. Enterprise assets security requirements are to identify security basic needs, to assess risks, to establish security approach and service, and to specify external enterprise consideration including confidentiality, integrity, availability, and accountability concerns. Moreover, these may be applied to other security requirements such as identification and authentication, access control, firewall architecture, etc. Security patterns may be used to create this security requirements but understanding, analyzing and transforming from security patterns to security requirements are difficult to accomplish. We proposed a grammar, called ESRMG (enterprise security and risk management grammar), and a prototyping tool based on security patterns in a scope of enterprise asset identification and risk managements which are the fundamental of enterprise security requirements. The proposed grammar and tool are beneficial for any organization to construct enterprise security requirements and may help reduce cost and time in overall of system development.

Published in:

14th Asia-Pacific Software Engineering Conference (APSEC'07)

Date of Conference:

4-7 Dec. 2007