A Case Study of Introducing Security Risk Assessment in Requirements Engineering in a Large Organization
- Ardi, Shanai (author)
- Ericsson AB, Linköping, Sweden
- Sandahl, Kristian, Professor, 1959- (author)
- Linköpings universitet, Programvara och system, Tekniska fakulteten, PELAB
- Gustafsson, Mats (author)
- Ericsson AB, Linköping, Sweden
- Springer, 2023
- English.
In: SN Computer Science. - : Springer. - 2661-8907. ; 4:5
- Related link:
- https://doi.org/10.1...
- https://urn.kb.se/re...
- https://doi.org/10.1...
Abstract
- Software products are increasingly used in critical infrastructures, and verifying the security of these products has become a necessary part of every software development project. Effective and practical methods and processes are needed by software vendors and infrastructure operators to meet the existing extensive demand for security. This article describes a lightweight security risk assessment method that flags security issues as early as possible in the software project, namely during requirements analysis. The method requires minimal training effort, adds low overhead, and makes it possible to show immediate results to affected stakeholders. We present a longitudinal case study of how a large enterprise developing complex telecom products adopted this method all the way from pilot studies to full-scale regular use. Lessons learned from the case study provide knowledge about the impact that upskilling and training of requirements engineers have on reducing the risk of malfunctions or security vulnerabilities in situations where it is not possible to have security experts go through all requirements. The case study highlights the challenges of process changes in large organizations as well as the pros and cons of having centralized, distributed, or semi-distributed workforce for security assurance in requirements engineering.
Subject terms
- NATURVETENSKAP -- Data- och informationsvetenskap -- Programvaruteknik (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Software Engineering (hsv//eng)
Keywords
- Security risk assessment
- Software Engineering
- Requirements Engineering
Publication and content type
- ref (subject category)
- art (subject category)