000 04274nam a22004815i 4500
003 DE-He213
005 20231104114219.0
007 cr nn 008mamaa
008 150415s2015 gw | s |||| 0|eng d
020 _a9783319166643
_z978-3-319-16664-3
024 7 _a10.1007/978-3-319-16664-3
_2doi
050 4 _aQA76.9.A25
072 7 _aUR
_2bicssc
072 7 _aCOM053000
_2bisacsh
072 7 _aUR
_2thema
072 7 _aUTN
_2thema005.8
_223
100 1 _aBeckers, Kristian.
_eauthor.
_4aut
_4http://id.loc.gov/vocabulary/relators/aut
245 1 0 _aPattern and Security Requirements :
_bEngineering-Based Establishment of Security Standards /
_cby Kristian Beckers.
264 1 _aCham :
_bSpringer International Publishing :
_bImprint: Springer,
_c2015.
300 _a1 online resource
336 _atext
_btxt
_2rdacontent
337 _acomputer
_bc
_2rdamedia
338 _aonline resource
_bcr
_2rdacarrier
347 _atext file
_bPDF
_2rda
505 0 _aForeword -- Preface -- Introduction -- Background -- The PEERESS Framework -- The CAST Method for Comparing Security Standards -- Relating ISO 27001 to the Conceptual Framework for Security Requirements Engineering Methods -- Supporting ISO 27001 compliant ISMS Establishment with Si* -- Supporting ISO 27001 Establishment with CORAS -- Supporting Common Criteria Security Analysis with Problem Frames -- Supporting ISO 26262 Hazard Analysis with Problem Frames -- A Catalog of Context-Patterns -- Initiating a Pattern Language for Context-Patterns -- Supporting the Establishment of a cloud-specific ISMS according to ISO 27001 using the Cloud System Analysis Pattern -- Validation and Extension of our Context-Pattern Approach -- Conclusion.
520 _aSecurity threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities in the standards. The security standards are analysed, fundamental concepts of the security standards presented, and the relations to the elementary concepts of security requirements engineering (SRE) methods explored. Using this knowledge, engineers can build customised methods that support the establishment of security standards. Standards such as Common Criteria or ISO 27001 are explored and several extensions are provided to well-known SRE methods such as Si*, CORAS, and UML4PF to support the establishment of these security standards. Through careful analysis of the activities demanded by the standards, for example the activities to establish an Information Security Management System (ISMS) in compliance with the ISO 27001 standard, methods are proposed which incorporate existing security requirement approaches and patterns. Understanding Pattern and Security Requirements engineering methods is important for software engineers, security analysts, and other professionals that are tasked with establishing a security standard, as well as researchers who aim to investigate the problems with establishing security standards. The examples and explanations in this book are designed to be understandable by all these readers.
650 0 _aComputer security.
650 0 _aInformation Systems.
650 0 _aSystem safety.
650 0 _aArtificial intelligence.
650 0 _aComputer science.
650 1 4 _aSystems and Data Security.
_0http://scigraph.springernature.com/things/product-market-codes/I28060
650 2 4 _aManagement of Computing and Information Systems.
_0http://scigraph.springernature.com/things/product-market-codes/I24067
650 2 4 _aQuality Control, Reliability, Safety and Risk.
_0http://scigraph.springernature.com/things/product-market-codes/T22032
650 2 4 _aArtificial Intelligence.
_0http://scigraph.springernature.com/things/product-market-codes/I21000
650 2 4 _aModels and Principles.
_0http://scigraph.springernature.com/things/product-market-codes/I18016
710 2 _aSpringerLink (Online service)
856 4 0 _uhttps://doi.org/10.1007/978-3-319-16664-3
_3Springer eBooks
_zOnline access link to the resource
912 _aZDB-2-SCS
999 _c200433792
_d52004
942 _2lcc
_cEBK
041 _aeng