SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process

Daniel Mellado, Eduardo Fernández-Medina, Mario Piattini

2006

Abstract

Integrating security into the early stages of system development is necessary to build secure systems. However, in the majority of software projects security is dealt with when the system has already been designed and put into operation. This paper proposes an approach called SREP (Security Requirements Engineering Process) for the development of secure software. We present an iterative and incremental micro-process for security requirements analysis that is repeatedly performed at each phase. It integrates the Common Criteria into the software lifecycle model and is based on the reuse of security requirements, for which it provides a security resources repository. In brief, we present an approach that deals with security requirements at the early stages of software development in a systematic and intuitive way, and that also conforms to ISO/IEC 17799:2005.

Paper Citation


in Harvard Style

Mellado D., Fernández-Medina E. and Piattini M. (2006). SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 467-470. DOI: 10.5220/0002098004670470

in Bibtex Style

@conference{secrypt06,
author={Daniel Mellado and Eduardo Fernández-Medina and Mario Piattini},
title={SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={467-470},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002098004670470},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - SECURE INFORMATION SYSTEMS DEVELOPMENT - Based on a Security Requirements Engineering Process
SN - 978-972-8865-63-4
AU - Mellado D.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2006
SP - 467
EP - 470
DO - 10.5220/0002098004670470