The open archive for STFC research publications

Full Record Details

Persistent URL http://purl.org/net/epubs/work/36960
Record Status Checked
Record Id 36960
Title Security Risk Mitigation for Information Systems
Abstract Security risk mitigation is a salient issue in systems development research. This paper introduces a lightweight approach to security risk mitigation that can be used within an Agile Development framework, the Security Obstacle Mitigation Model (SOMM). The SOMM uses the concept of Trust Assumptions to derive obstacles and the concept of Misuse Cases to model the obstacles. A synthetic scenario, based on an on-line system, shows how the SOMM is used to anticipate malicious behaviour with respect to an operational Information System and to document a priori how this malicious behaviour should be mitigated. Since the SOMM is conceptually simple in deployment, its use is well within the capacities of the users who form part of an Agile Development team and crucially it should not take up a significant amount of development time.
Organisation CCLRC, ESC
Keywords Engineering, Security risk mitigation, Obstacle analysis, Misuse case, Mitigation case
Language English (EN)
Type Journal Article
Details BT Technol J 25, no. 1 (2007): 118-127.
URI(s) doi:10.1007/s10550-007-0014-8
Local file(s) BTTJ_25_2007p118.pdf
Year 2007