A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes

Annette Tetmeyer, Daniel Hein, Hossein Saiedian
Copyright: © 2014 | Volume: 5 | Issue: 4 | Pages: 17
ISSN: 1947-3036 | EISSN: 1947-3044 | EISBN13: 9781466656871 | DOI: 10.4018/ijsse.2014100102

MLA

Tetmeyer, Annette, et al. "A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes." IJSSE vol.5, no.4 2014: pp.31-47. http://doi.org/10.4018/ijsse.2014100102

APA

Tetmeyer, A., Hein, D., & Saiedian, H. (2014). A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes. International Journal of Secure Software Engineering (IJSSE), 5(4), 31-47. http://doi.org/10.4018/ijsse.2014100102

Chicago

Tetmeyer, Annette, Daniel Hein, and Hossein Saiedian. "A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes," International Journal of Secure Software Engineering (IJSSE) 5, no.4: 31-47. http://doi.org/10.4018/ijsse.2014100102

Abstract

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed; however, small organizations working within short development lifecycles and with minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small organizations. The approach is based on identifying candidate security goals using part-of-speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. It uses a case study to validate the feasibility and effectiveness of the proposed approach.
