Pattern and Security Requirements: Engineering-Based Establishment of Security Standards
Autor Kristian Beckersen Limba Engleză Paperback – 6 oct 2016
Standards such as Common Criteria or ISO 27001 are explored and several extensions are provided to well-known SRE methods such as Si*, CORAS, and UML4PF to support the establishment of these security standards. Through careful analysis of the activities demanded by the standards, for example the activities to establish an Information Security Management System (ISMS) in compliance with the ISO 27001 standard, methods are proposed which incorporate existing security requirement approaches and patterns.
Understanding Pattern and Security Requirements engineering methods is important for software engineers, security analysts and other professionals that are tasked with establishing a security standard, as well as researchers who aim to investigate the problems with establishing security standards. The examples and explanations in this book are designed to be understandable by all these readers.
Toate formatele și edițiile | Preț | Express |
---|---|---|
Paperback (1) | 613.57 lei 39-44 zile | |
Springer International Publishing – 6 oct 2016 | 613.57 lei 39-44 zile | |
Hardback (1) | 625.50 lei 39-44 zile | |
Springer International Publishing – 28 apr 2015 | 625.50 lei 39-44 zile |
Preț: 613.57 lei
Preț vechi: 766.96 lei
-20% Nou
Puncte Express: 920
Preț estimativ în valută:
117.43€ • 123.88$ • 97.86£
117.43€ • 123.88$ • 97.86£
Carte tipărită la comandă
Livrare economică 30 decembrie 24 - 04 ianuarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9783319365879
ISBN-10: 3319365878
Pagini: 499
Ilustrații: XXV, 474 p. 186 illus.
Dimensiuni: 155 x 235 x 26 mm
Greutate: 0.69 kg
Ediția:Softcover reprint of the original 1st ed. 2015
Editura: Springer International Publishing
Colecția Springer
Locul publicării:Cham, Switzerland
ISBN-10: 3319365878
Pagini: 499
Ilustrații: XXV, 474 p. 186 illus.
Dimensiuni: 155 x 235 x 26 mm
Greutate: 0.69 kg
Ediția:Softcover reprint of the original 1st ed. 2015
Editura: Springer International Publishing
Colecția Springer
Locul publicării:Cham, Switzerland
Cuprins
Foreword.- Preface.- Introduction.- Background.- The PEERESS Framework.- The CAST Method for Comparing Security Standards.- Relating ISO 27001 to the Conceptual Framework for Security Requirements Engineering Methods.- Supporting ISO 27001 compliant ISMS Establishment with Si*.- Supporting ISO 27001 Establishment with CORAS.- Supporting Common Criteria Security Analysis with Problem Frames.- Supporting ISO 26262 Hazard Analysis with Problem Frames.- A Catalog of Context-Patterns.- Initiating a Pattern Language for Context-Patterns.- Supporting the Establishment of a cloud-specific ISMS according to ISO 27001 using the Cloud System Analysis Pattern.- Validation and Extension of our Context-Pattern Approach.- Conclusion.
Recenzii
“The book presents the results of comprehensiveresearch aimed at creating a method for threat analysis and the mitigation ofrisks through the comparative study of existing standards. … The book isinteresting for practitioners who have to create enterprise-wide securitypolicies and standards. It is worth reading for researchers who deal with theformal and semi-formal modeling of the security domain.” (Bálint Molnár, ComputingReviews, September, 2015)
Textul de pe ultima copertă
Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards.
Standards such as Common Criteria or ISO 27001 are explored and several extensions are provided to well-known SRE methods such as Si*, CORAS, and UML4PF to support the establishment of these security standards. Through careful analysis of the activities demanded by the standards, for example the activities to establish an Information Security Management System (ISMS) in compliance with the ISO 27001 standard, methods are proposed which incorporate existing security requirement approaches and patterns.
Understanding Pattern and Security Requirements engineering methods is important for software engineers, security analysts, and other professionals that are tasked with establishing a security standard, as well as researchers who aim to investigate the problems with establishing security standards. The examples and explanations in this book are designed to be understandable by all these readers.
Standards such as Common Criteria or ISO 27001 are explored and several extensions are provided to well-known SRE methods such as Si*, CORAS, and UML4PF to support the establishment of these security standards. Through careful analysis of the activities demanded by the standards, for example the activities to establish an Information Security Management System (ISMS) in compliance with the ISO 27001 standard, methods are proposed which incorporate existing security requirement approaches and patterns.
Understanding Pattern and Security Requirements engineering methods is important for software engineers, security analysts, and other professionals that are tasked with establishing a security standard, as well as researchers who aim to investigate the problems with establishing security standards. The examples and explanations in this book are designed to be understandable by all these readers.
Caracteristici
Presents new research methodologies in exploring the relations between Security Standards and SRE methods Addresses the associated ambiguities within security standards Analyses several standards and extensions, giving readers a broader understanding of the field Provides practical examples for software engineers and security analysts Includes supplementary material: sn.pub/extras