July-Aug. 2014 (vol. 31 no. 4)
pp. 28-31
Jane Cleland-Huang, DePaul University
Imagine that you're building a software system that collects healthcare data and financial information from its users. It might seem obvious that this personal information should be protected from prying eyes through access control mechanisms, audit trails, transaction controls, transmission encryption, and so on--in fact, perhaps so obvious that in many cases people perform only a cursory security analysis and produce rather generic security requirements. But is this the right way to build secure software? Are security requirements so similar across projects that we simply don't need to invest the time to explore product-level needs or to document requirements at an individual level for each project? The Web extra at http://youtu.be/qoocRI-7yRQ is an audio podcast in which author Jane Cleland-Huang discusses the importance of making informed decisions about how much time and effort to invest in analyzing security needs and specifying product-level security requirements.
Index Terms:
Network security, Software development, Productivity, Medical services, Information services, security, requirements, software engineering, cybersecurity, attackers
Citation:
Jane Cleland-Huang, "How Well Do You Know Your Personae Non Gratae?," IEEE Software, vol. 31, no. 4, pp. 28-31, July-Aug. 2014, doi:10.1109/MS.2014.85