A Framework For Security Requirements Engineering

A Framework for Security Requirements Engineering

ISSE 2006 Securing Electronic Business Processes

This book presents the most interesting talks given at ISSE 2006 - the forum for the interdisciplinary discussion of how to adequately secure electronic business processes. The topics include: Smart Token and e-ID-Card Developments and their Application - Secure Computing and how it will change the way we trust computers - Risk Management and how to quantify security threats - Awareness raising, Data Protection and how we secure corporate information. Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE 2006.

Non-Functional Requirements in Software Engineering

Non-Functional Requirements in Software Engineering presents a systematic and pragmatic approach to `building quality into' software systems. Systems must exhibit software quality attributes, such as accuracy, performance, security and modifiability. However, such non-functional requirements (NFRs) are difficult to address in many projects, even though there are many techniques to meet functional requirements in order to provide desired functionality. This is particularly true since the NFRs for each system typically interact with each other, have a broad impact on the system and may be subjective. To enable developers to systematically deal with a system's diverse NFRs, this book presents the NFR Framework. Structured graphical facilities are offered for stating NFRs and managing them by refining and inter-relating NFRs, justifying decisions, and determining their impact. Since NFRs might not be absolutely achieved, they may simply be satisfied sufficiently (`satisficed'). To reflect this, NFRs are represented as `softgoals', whose interdependencies, such as tradeoffs and synergy, are captured in graphs. The impact of decisions is qualitatively propagated through the graph to determine how well a chosen target system satisfices its NFRs. Throughout development, developers direct the process, using their expertise while being aided by catalogues of knowledge about NFRs, development techniques and tradeoffs, which can all be explored, reused and customized. Non-Functional Requirements in Software Engineering demonstrates the applicability of the NFR Framework to a variety of NFRs, domains, system characteristics and application areas. This will help readers apply the Framework to NFRs and domains of particular interest to them. Detailed treatments of particular NFRs - accuracy, security and performance requirements - along with treatments of NFRs for information systems are presented as specializations of the NFR Framework. Case studies of NFRs for a variety of information systems include credit card and administrative systems. The use of the Framework for particular application areas is illustrated for software architecture as well as enterprise modelling. Feedback from domain experts in industry and government provides an initial evaluation of the Framework and some case studies. Drawing on research results from several theses and refereed papers, this book's presentation, terminology and graphical notation have been integrated and illustrated with many figures. Non-Functional Requirements in Software Engineering is an excellent resource for software engineering practitioners, researchers and students.