
Cybernetics Security Requirements and Reuse for Improving Information Systems Security

Author Affiliations

  • (1) UP Beej Vikas Nigam Mahanager, Lucknow, UP, INDIA
  • (2) Emrald 9 Institute of Management, Deva Road, Barabanki, UP, INDIA

Res. J. Engineering Sci., Volume 1, Issue 5, Pages 51-54, November 26 (2012)

Abstract

Information systems security issues have usually been considered only after a system has been developed completely, and rarely during its design, coding, testing or deployment. However, the advisability of considering security from the very beginning of system development, and in particular in the requirements specification phase, has recently begun to be appreciated. We present a practical method to elicit and specify system and software requirements, consisting of a repository of reusable requirements, a spiral process model, and a set of requirements document templates. In this paper the method is focused on the security of information systems; the reusable requirements repository therefore contains all the requirements taken from MAGERIT, the Spanish public administration risk analysis and management method, which conforms to ISO 15408 (the Common Criteria framework). Any information system that includes these security requirements must therefore pass a risk analysis and management study performed with MAGERIT. The requirements specification templates are hierarchically structured and are based on IEEE standards. Finally, we present a case study on a system of our regional administration aimed at managing state subsidies.

References

  1. Constitutional Law 15/1999 of December 13, on Protection of Private Data of Individuals in Spain (Ley Orgánica 15/1999, de 13 de diciembre, de Protección de Datos de Carácter Personal en España), (in Spanish) (2012)
  2. Real Decreto 994/1999 of June 11, by which the Regulation on security measures for automated files containing personal data is approved (Real Decreto 994/1999, de 11 de junio, por el que se aprueba el Reglamento de medidas de seguridad de los ficheros automatizados que contengan datos de carácter personal), (in Spanish), 24241 (1999)
  3. Infosec, Information Security Breaches Survey, http://www.infosec.co.uk (2000)
  4. ISO/IEC Std. 15408, Evaluation Criteria for Information Technology Security (2009)
  5. CCTA, SSADM-CRAMM Subject Guide for SSADM Version 3 and CRAMM Version 2, Central Computer and Telecommunications Agency, IT Security and Privacy Group, Her Majesty's Government, London (2011)
  6. CLUSIF, MARION version 98, La Commission Méthodes du CLUSIF (Club de la Sécurité des Systèmes d'Information Français) (2008)
  7. MAP, Metodología de Análisis y Gestión de Riesgos del Ministerio de Administraciones Públicas Español, MAGERIT v.1.0, (in Spanish) (2006)
  8. Kotonya G. and Sommerville I., Requirements Engineering: Processes and Techniques, John Wiley and Sons (2004)
  9. Robertson S. and Robertson J., Mastering the Requirements Process, Addison-Wesley (2005)
  10. Sommerville I., Software Engineering (6th edition), Pearson Education Limited (2001)
  11. IEEE Std 830-1998, Guide to Software Requirements Specifications (ANSI), The Institute of Electrical and Electronics Engineers, Inc., IEEE Software Engineering Standards Collection (2001)