Information security policy compliance-eliciting requirements for a computerized software to support value-based compliance analysis

Karlsson, Fredrik; Kolkowska, Ella; Petersson, Johan

doi:10.1016/j.cose.2021.102578

Cited by 6 publications

(1 citation statement)

References 56 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Information security policy complianceeliciting requirements for a computerized software to support value-based compliance analysis [45] Value-based compliance is highly suggested to form the information security policy by using early requirement elicitation.…”

Section: Cultivating Proactive Information Securitymentioning

confidence: 99%

Model Transformation and Code Generation Using a Secure Business Process Model

Mythily

Xavier

David

et al. 2022

Preprint

View full text Add to dashboard Cite

Worldwide, new devices in every sphere of the walk are emerging daily, and a more significant percentage of them are software-driven. Consequently, the software development process is prone to errors, bugs, and frequent changes to the requirements and the software leading to abnormal deviation in time to deliver. Another aspect being considered is the security of the software at the time of (Software Development Life Cycle) SDLC. As a part of secure software engineering, the model transformation involves the information security aspects in the early phases of SDLC. Hence, Automation of the software development process, though not entirely, is inevitable. In this research, platform-independent models are generated with security attributes such as Integrity, Privacy, Security Audit, non-repudiation, and authentication. A template-based source code generator is used to produce the structure of the source model. The Secure Business Process Model (SBPM) has a set of Unified Modeling Language (UML) artifacts such as analysis level classes and sequence diagrams with security attributes by taking the activity model as a source. Security requirements are associated with elements extracted from the source model. Structural codes for the source model with security-enabled members are generated.

show abstract

Section: Cultivating Proactive Information Securitymentioning

confidence: 99%