Abstract
Organizations integrate different systems and software applications in order to provide a complete set of services to their customers. However, different types of organisations face a common problem today: security problems in their systems. The reason is that the focus is on functionality rather than security. Besides that, security, if considered at all, comes too late in the system and software engineering processes, often during the design or implementation phase. Moreover, the majority of system engineers do not have knowledge of security, and security experts are rarely involved in the development process. Thus, systems are not developed with security in mind, which usually leads to problems and security breaches. We propose an approach for integrating security throughout the engineering process. To assure that the necessary actions concerning security have been taken during the development process, we propose semi-automated preventive controls.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Moradian, E. (2009). System Engineering Security. In: Velásquez, J.D., Ríos, S.A., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2009. Lecture Notes in Computer Science, vol 5712. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04592-9_102
DOI: https://doi.org/10.1007/978-3-642-04592-9_102
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-04591-2
Online ISBN: 978-3-642-04592-9
eBook Packages: Computer Science, Computer Science (R0)