| doi:10.2201/NiiPi.2008.5.4 |
| Curriculum design and methodologies for security requirements analysis |
| Kenji TAGUCHI1 and Yasuyuki TAHARA2 |
| 1,2National Institute of Informatics
|
(Received: September 28, 2007)
(Revised: November 14, 2007)
(Accepted: December 12, 2007)
|
Abstract:
Lack of security is one of the most widespread problems affecting information systems. Security breaches at companies are reported almost everyday and users of computer systems
arebusy updating security of their computer system against vulnerabilities. While some of
these problems are caused by human errors and faults of physical devices but the majority of
them are due to the defects in software systems.The best way to reduce them is to find and fix
them in an early stage of the software development, especially in the requirements elicitation
and analysis phases. In this paper, we will present how we designed a security requirements
analysis course to address this issue. We will also present security requirements elicitation
methodologies based on the agent-and goal-oriented requirements analysis methodologies of
KAOS and i*.
|
Keywords:
Security, requirements analysis, KAOS, i*, RBAC, CC
|
|
|
| PDF(1,748KB) | References |
National Institute of Informatics is a member of CrossRef.
|
