Pattern and Security Requirements Engineering-Based Establishment of

Security threats are a significant problem for information technology companies today. This book focuses on how to mitigate these threats by using security standards and provides ways to address associated problems faced by engineers caused by ambiguities



Pattern and Security Requirements Engineering-Based Establishment of Security Standards


Kristian Beckers


Kristian Beckers, paluno, The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg, Germany

ISBN 978-3-319-16663-6
ISBN 978-3-319-16664-3 (eBook)
DOI 10.1007/978-3-319-16664-3

Library of Congress Control Number: 2015935414

Springer Cham Heidelberg New York Dordrecht London

© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

To my wife with love and gratitude

Foreword

Information security concerns have to be addressed in most domains. In particular, governments, private and public organizations, and other enterprises have to protect themselves against ongoing and evolving security threats. The Norwegian government has issued a Cyber Security Strategy¹ for Norway to address the rising security issues in information and communication technology (ICT). The report states that security has to be analyzed and treated at the system level rather than focusing exclusively on fixing individual vulnerabilities of technical devices. The goal should be to achieve an acceptable security level for the entire organization. System-level security can be achieved by establishing a so-called information security management system (ISMS). An ISMS is a comprehensive and systematic process that ensures an organization can identify security threats and protect itself adequately against them. Creating an ISMS is by no means a simple task, and the Cyber Security Strategy for Norway recommends making use of recognized standards to support this process. Security standards such as ISO 27001 are helpful descriptions of core concepts of security management. ISO 27001 is quite