Please use this identifier to cite or link to this item: http://hdl.handle.net/2440/108288
Full metadata record
| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Rashid, A. | en |
| dc.contributor.author | Naqvi, S. | en |
| dc.contributor.author | Ramdhany, R. | en |
| dc.contributor.author | Edwards, M. | en |
| dc.contributor.author | Chitchyan, R. | en |
| dc.contributor.author | Ali Babar, M. | en |
| dc.date.issued | 2016 | en |
| dc.identifier.citation | Proceedings of the 38th International Conference on Software Engineering, 2016 / vol.14-22-May-2016, pp.866-876 | en |
| dc.identifier.isbn | 9781450339001 | en |
| dc.identifier.issn | 0270-5257 | en |
| dc.identifier.uri | http://hdl.handle.net/2440/108288 | - |
| dc.description.abstract | Security is one of the biggest challenges facing organisations in the modern hyper-connected world. A number of theoretical security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific security controls, and relationships between the various concepts and controls. The threat landscape, however, evolves leading to new tacit knowledge that is embedded in or across a variety of security incidents. These unknown knowns alter, or at least demand reconsideration of the theoretical security models underpinning security requirements. In this paper, we present an approach to discover such unknown knowns through multi-incident analysis. The approach is based on a novel combination of grounded theory and incident fault trees. We demonstrate the effectiveness of the approach through its application to identify revisions to a theoretical security model widely used in industry. | en |
| dc.description.statementofresponsibility | Awais Rashid, Syed Asad Ali Naqvi, Rajiv Ramdhany, Matthew Edwards, Ruzanna Chitchyan, M. Ali Babar | en |
| dc.language.iso | en | en |
| dc.publisher | ACM | en |
| dc.relation.ispartofseries | International Conference on Software Engineering | en |
| dc.rights | © 2016 Copyright held by the owner/author(s). Publication rights licensed to ACM. | en |
| dc.subject | Security requirements, incident analysis, grounded theory | en |
| dc.title | Discovering "unknown known" security requirements | en |
| dc.type | Conference paper | en |
| dc.identifier.rmid | 0030056664 | en |
| dc.contributor.conference | 38th International Conference on Software Engineering (ICSE '16) (14 May 2016 - 22 May 2016 : Austin, TX) | en |
| dc.identifier.doi | 10.1145/2884781.2884785 | en |
| dc.identifier.pubid | 254536 | - |
| pubs.library.collection | Computer Science publications | en |
| pubs.library.team | DS06 | en |
| pubs.verification-status | Verified | en |
| pubs.publication-status | Published | en |
Appears in Collections: Computer Science publications

Files in This Item:
| File | Description | Size | Format |
| --- | --- | --- | --- |
| RA_hdl_108288.pdf | Restricted Access | 1.72 MB | Adobe PDF |


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.