Towards Security Risk-Oriented Misuse Cases

Soomro, Inam; Ahmed, Naved

doi:10.1007/978-3-642-36285-9_68

Cited by 15 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This section gives a detailed review of related studies in the areas of misuses cases with risk assessment for improving safety. Misuse case has been investigated in the light of security, security risk management, security risk assessment and similar aspects as evidenced in [26]- [28].…”

Section: Literature Reviewmentioning

confidence: 99%

Enhancing Misuse Cases With Risk Assessment for Safety Requirements

et al. 2020

View full text Add to dashboard Cite

Risk-driven requirements elicitation represents an approach that allows assignment of appropriate countermeasure for the protection of the Information System (IS) depending on the risk level. Elicitation of safety requirements based on risk analysis is essential for those IS which will run on the open and dynamic Internet platform. Traditionally, misuse cases are used to find the weak points of an IS but cannot differentiate between the weak point that can lead to lenient hazard and/or serious hazard. In this paper, we present an enhanced misuse case approach to support IS safety risk assessment at the early stages of software process. We extensively examined and identified concepts which constitute a modelling technique for IS safety risk assessment and build a conceptual model for achieving IS safety risk assessment during the requirement analysis phase of software process. The risk assessment process follows an approach of consequential analysis based on misuse cases for safety hazard identification and qualitative risk measurement. The safety requirements are elicited according to the results of the risk assessment. A medical IS is used as a case study to validate the proposed model. INDEX TERMS Misuse case, requirements engineering, risk assessment, scenario, safety, use cases.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Enhancing Misuse Cases With Risk Assessment for Safety Requirements

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The contribution in [23] helps modeling and analyzing the system from an attacker (misuser) perspective which increases the chance of identifying threats that would have been ignored. Malicious behaviors are modeled by misuse cases that target use cases and countermeasures as security use cases that mitigate misuse cases.…”

Section: Issrm and Misuse Cases Diagrams Alignmentmentioning

confidence: 99%

Survey on information system security risk management alignment

Abbass

Baïna

Bellafkih

2016

2016 International Conference on Information Technology for Organizations Development (IT4OD)

View full text Add to dashboard Cite

Nowadays, the business services of organizations depend widely on Information Systems (IS). However, these systems may face potential failure or risks that could lead to a business failure. Therefore, the Information System Security Risk management (ISSRM) in organizations is ultimate for business success. ISSRM protects the information availability, integrity, and privacy. The aim of this paper is first to assess the security oriented modeling languages through the ISSRM domain model. For this purpose, a survey of the ISSRM alignment in comparison with the security modeling languages is outlined.

show abstract

“…To remedy this problem of guiding and integrating risk analysis for eliciting security requirements, there were alignments for based risk analysis methods those which don't use it, e.g: ISSRM / Secure Tropos [24], ISSRM / Misuse Cases [45], ISSRM / Mal activity [6], but these methods are semi-formal and don't offer full guidance.…”

Section: State Of the Artmentioning

confidence: 99%

From Risk Analysis to the Expression of Security Requirements for Systems Information

Laoufi

2015

2015 Fourth International Conference on Cyber Security, Cyber Warfare, and Digital Forensic (CyberSec)

View full text Add to dashboard Cite

Several methods have been suggested to address the identification of security requirements for information systems (IS) from risk analysis or not. To the best of our knowledge, there is no methodology that enables the derivation in a formal way of security requirements starting from risk analysis. The aim of this paper is to provide a guiding method allowing us to determine security requirements based on risk analysis. To achieve this objective, we propose to align the concepts of assets, risks to those of security requirements through the use of three ontologies: assets, risks and security requirements. The alignment of the three ontologies is based on best practices in the security domain. In addition to the description of guiding method, we detail, in this paper, the approaches used for the construction and alignment of the three ontologies.

show abstract

Towards Security Risk-Oriented Misuse Cases

Cited by 15 publications

References 9 publications

Enhancing Misuse Cases With Risk Assessment for Safety Requirements

Enhancing Misuse Cases With Risk Assessment for Safety Requirements

Survey on information system security risk management alignment

From Risk Analysis to the Expression of Security Requirements for Systems Information

Contact Info

Product

Resources

About