Show simple item record

dc.rights.licenseCC-BY-NC-ND
dc.contributor.advisorDalpiaz, F.
dc.contributor.advisorSpruit, M.R.
dc.contributor.authorArgyropoulos, N.
dc.date.accessioned2014-11-26T18:01:56Z
dc.date.available2014-11-26T18:01:56Z
dc.date.issued2014
dc.identifier.urihttps://studenttheses.uu.nl/handle/20.500.12932/18849
dc.description.abstractSoftware systems are broadly used to support the provision of e-services and the facilitation of business processes. Sensitive information is exchanged within such systems between human actors and software agents. As a consequence, their design should encompass security aspects in addition to functional ones, in order to provide an environment in which the users can achieve their goals while keeping their information secure. By reviewing the literature of the areas of security requirements engineering and risk management and surveying practitioners of the field, we identified the need for a structured approach that leads to security by design, taking into account the system’s extended socio-technical environment and managing risk, from the early stages of the development life-cycle. In this work we develop a structured method to integrate elements of risk management in the security requirements engineering process. By combining method fragments from established methods in the field of security requirements and risk management we construct a new method that uses the results of the risk evaluation and prioritization as input for the identification of user’s security needs, creating a complete socio-technical model of the system to-be. We apply this method in practice via a retrospective case study, in order to evaluate its completeness and performance. This application of our method in practice shows promising results, as the method is able to accurately model the studied system and uncover a number of previously unidentified security requirements.
dc.description.sponsorshipUtrecht University
dc.format.extent4302756
dc.format.mimetypeapplication/pdf
dc.language.isoen
dc.titleDesigning secure software systems: Combining goal-oriented modeling and risk management
dc.type.contentMaster Thesis
dc.rights.accessrightsOpen Access
dc.subject.keywordsSecurity requirements engineering, risk management, socio-technical systems, information security, risk analysis, threat prioritization
dc.subject.courseuuBusiness Informatics


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record