Alignment of Misuse Cases with Security Risk Management

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Raimundas Matulevicius Articles by Nicolas Mayer Articles by Patrick Heymans

2008 Third International Conference on Availability, Reliability and Security

March 04-March 07

ISBN: 978-0-7695-3102-1

	ASCII Text	x
	Raimundas Matulevicius, Nicolas Mayer, Patrick Heymans, "Alignment of Misuse Cases with Security Risk Management," Availability, Reliability and Security, International Conference on, pp. 1397-1404, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.88, author = {Raimundas Matulevicius and Nicolas Mayer and Patrick Heymans}, title = {Alignment of Misuse Cases with Security Risk Management}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {1397-1404}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.88}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Alignment of Misuse Cases with Security Risk Management SN - 978-0-7695-3102-1 SP1397 EP1404 A1 - Raimundas Matulevicius, A1 - Nicolas Mayer, A1 - Patrick Heymans, PY - 2008 KW - Security risk management KW - Misuse cases KW - Requirements engineering KW - Information systems VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Raimundas Matulevicius

Nicolas Mayer

Patrick Heymans

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.88

It is recognised that security has to be addressed through the whole system development process. However current practices address security only in late stages, i.e., development or maintenance. Due to the success of UML use cases, misuse cases have been accepted by industry as a means to tackle security. However misuse cases, firstly, lack a precise application process, secondly, are too general which results in under-definition or misinterpretation of their concepts. In this paper we examine misuse cases in the light of a reference model for information system security risk management (ISSRM). Using the well-known Meeting Scheduler example we show how misuse cases can be used to follow a security risk management process. Next we check the misuse case ontology according to the concepts found in current risk management standards. The paper suggests improvements for the conceptual appropriateness of misuse cases for the security risk domain.

Index Terms:

Security risk management, Misuse cases, Requirements engineering, Information systems

Citation:

Raimundas Matulevicius, Nicolas Mayer, Patrick Heymans, "Alignment of Misuse Cases with Security Risk Management," ares, pp.1397-1404, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.