
E-RISE 2011: Engineering RIsk and SEcurity Requirements






Presentation Transcript


  1. E-RISE 2011: Engineering RIsk and SEcurity Requirements
     By Yudistira Asnar, Fabio Massacci, Alberto Battocchi (UNITN) and Camille Sabroux (Université Paris Dauphine)

  2. Outline
     • Background
     • Objective
     • Study Setting
     • Participants
     • Expected Outcomes
     • Agenda
     E-RISE 2011 - Yudis(c)

  3. Background
     • Increase of security-related incidents
       • Attacks and breaches: identity theft, malware, fraud
       • Regulations: EU Data Protection, EU Cybercrime, HIPAA, SOX
     • Complexity of software systems
       • Compositional systems
       • Future Internet services: location-based, smart-grid, context-aware, healthcare

  4. Trends
     • New approaches to software system development
       • Architecture: SOA, Clouds, Mobile, Ad-hoc
       • Computing: multi-core, multi-tenancy
       • Paradigm: goal-, value-, service-, social-oriented
     • Various methods to engineer a secure system
       • Standards and best practices: ISO 2700X, CC, COSO, COBIT, ITIL, etc.
       • Research areas: i*-based, problem frames, CORAS, domain ontologies, etc.

  5. Security Methods in Research (taken from http://www.authormapper.com/)

  6. Do those methods work? And why?

  7. Objective
     • Evaluate and benchmark E-RISE methods through an empirical study
     • Learn how and why participants intend to adopt a method
     • Gather feedback to improve a method, in particular by investigating the strengths, weaknesses, and limitations of the method

  8. Study Setting
     • Perform a series of case studies comparing how one learns, adopts, and performs a security method
     • Scope of the study: a method that analyzes the risk and security requirements of an information system
     • Artifacts collected during the study will be analyzed to achieve the study objectives

  9. Participants (Roles in E-RISE 2011)
     • Participants: Magister students with a background in Information Systems, IT architecture, IT audit, or Risk & Security Analysis
       • Université Paris Dauphine, France
       • University of Trento, Italy
     • Method Designers: researchers/practitioners who master a security method
       • Secure Tropos
       • Problem Frames
       • SI*
       • CORAS
       • COBIT

  10. E-RISE 2011
     • Participants (in groups of 4 people) will learn about a security method with the guidance of a method designer
     • Groups analyze the security concerns of a given problem using the defined security method

  11. Expected Results from E-RISE: Presentation
     • List of recommendations about security measures to the management (e.g., CTO, CEO)
     • Priority among the recommendations
     • Rationale for such recommendations

  12. Expected Results from E-RISE: Final Executive Report (deadline June 5, 2011)
     • Documents the process of producing such recommendations
     • 1 page of recommendations (max.)
     • 4 pages documenting the process for auditing purposes (max.)
     • Annexes: eventual artifacts, diagrams, tables, etc.

  13. Agenda
     • Training Phase [May 9-13, 2011]
       • Participants learn about the defined method
       • May 13 in Paris: meet the method designers for a face-to-face tutorial
     • Application Phase [May 14-27, 2011]
       • Participants perform the collaborative work on the given scenario using the defined method
       • May 14-25: remotely
       • May 26-27: in Paris

  14. Thank you. Questions?
