Un Proceso de Ingeniería de Requisitos de Seguridad en la Práctica (A Security Requirements Engineering Process in Practice)

Daniel Mellado (Daniel.Mellado@alu.uclm.es)1, Eduardo Fernández-Medina (Eduardo.FdezMedina@uclm.es)2, Mario Piattini (Mario.Piattini@uclm.es)2


1Centro Informático del Instituto Nacional de la Seguridad Social, Madrid
2Grupo Alarcos. Departamento de Tecnologías y Sistemas de Información. Universidad de Castilla-La Mancha

This paper appears in: Revista IEEE América Latina

Publication Date: July 2007
Volume: 5,   Issue: 4 
ISSN: 1548-0992


Abstract:
Security requirements for IT systems are becoming more and more complicated due to their increasing scale, diversification and connectivity; it is therefore very difficult to make an information system secure. Without a systematic process or methodology, security requirements are often retrofitted late in the development process or pursued separately from functional design. This paper presents a real case study demonstrating how security requirements can be obtained in a guided, intuitive and systematic way, together with the other requirements and from the early stages of the software development process, by applying our proposed security requirements engineering process, called SREP, which is based on providing a security resources repository and on integrating the Common Criteria into the software development lifecycle.

Index Terms:
Software requirements and specifications, security, software engineering, information security, software safety, software quality   

