- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
This book provides a coherent overview of the most important modelling-related security techniques available today, and demonstrates how to combine them. Further, it describes an integrated set of systematic practices that can be used to achieve increased security for software from the outset, and combines practical ways of working with practical ways of distilling, managing, and making security knowledge operational.
The book addresses three main topics: (1) security requirements engineering, including security risk management, major activities, asset identification, security risk analysis and defining security requirements; (2) secure software system modelling, including modelling of context and protected assets, security risks, and decisions regarding security risk treatment using various modelling languages; and (3) secure system development, including effective approaches, pattern-driven development, and model-driven security.
The primary target audience of this book is graduate students studying cyber security, software engineering and system security engineering. The book will also benefit practitioners interested in learning about the need to consider the decisions behind secure software systems. Overall it offers the ideal basis for educating future generations of security experts.
Contents
1 Introduction.- 2 Domain Model for Information Systems Security Risk Management.- 3 Security Risk.- 4 Security Requirements.- 5 Security Risk-Oriented BPMN.- 6 Security Risk-Aware Secure Tropos.- 7 Security Risk-Oriented Misuse Cases.- 8 Mal-activities for Security Risk Management.- 9 Transformations Between Security Risk-Oriented Modelling Languages.- 10 Role-Based Access Control.- 11 Secure System Development Using Patterns.- 12 Secure System Development.- 13 References.
