Security Risk Management Domain Model
- Trevor French
- 6 years ago
Lecture 2: Security Modelling
Understanding security goals and secure business activities
Dr. Raimundas Matulevičius

Security Risk Management Domain Model

Goals and Questions
- What is modelling?
- What is Tropos?
- Secure Tropos
- Security Risk-aware Secure Tropos
- What is BPMN?
- Security risk-oriented BPMN

What is Modelling?

Modelling
- Modelling can guide elicitation:
  - It can help you figure out what questions to ask
  - It can help to surface hidden requirements
  - i.e. does it help you ask the right questions?
- Modelling can provide a measure of progress:
  - Completeness of the models -> completeness of the elicitation (?)
  - i.e. if we've filled in all the pieces of the models, are we done?
- Modelling can help to uncover problems
  - Inconsistency in the models can reveal interesting things
  - e.g. conflicting or infeasible requirements
  - e.g. confusion over terminology, scope, etc.
  - e.g. disagreements between stakeholders
- Modelling can help us check our understanding
  - Reason over the model to understand its consequences
  - Does it have the properties we expect?
  - Animate the model to help us visualise/validate the requirements

Systems involves a lot of modelling
- A model is more than just a description: it has its own phenomena, and its own relationships among those phenomena.
- The model is only useful if the model's phenomena correspond in a systematic way to the phenomena of the domain being modelled
- The application domain and the modelling domain:
  - Model: Book [ISBN, title] (1,n) author (0,n) Person [name]
  - Designations for the application domain: B = Book, P = Person, R = Wrote
  - Designations for the model's domain: Book: entity, Person: entity, author: relation
  - Common properties: For every B, at least one P exists such that R(P, B)
- Source: Adapted from Jackson, 1995

It's only a model
- There will always be:
  - phenomena in the model that are not present in the application domain
  - phenomena in the application domain that are not in the model
- Model: Book [ISBN, title] (1,n) author (0,n) Person [name, DOB]
- Phenomena not captured in the model: ghost writers, pseudonyms, anonymity
- Common phenomena: every book has at least one author; every book has a unique ISBN
- Phenomena not true in the world: no two people born on same date with same name
- A model is never perfect
  - If the map and the terrain disagree, believe the terrain
  - Perfecting the model is not always a good use of your time...
- Source: Adapted from Jackson, 1995, p124-5

Modelling Languages
- Development stages: Early requirements, Late requirements, Architectural design, Detailed design, Implementation and testing
- Languages: BPMN, i* (actor and goal modelling), KAOS (goals for software spec.), Use cases, Activity diagrams, Class diagrams, Component diagrams

Security Modelling Languages
- Development stages: Early requirements, Late requirements, Architectural design, Detailed design, Implementation and testing
- Languages: Security Risk-oriented BPMN, Secure TROPOS, KAOS extension to security, Misuse cases, Mal-activity diagrams, UMLsec, SecureUML

Goal modelling
- Approach
  - Focus on why a system is required
  - Use goal refinement to arrive at specific requirements
  - Goal analysis: document, organize and classify goals
  - Goal hierarchies show refinements and alternatives
- Advantages
  - Reasonably intuitive
  - Explicit declaration of goals provides sound basis for conflict resolution
- Disadvantages
  - Captures a static picture - what if goals change over time?
  - Can regress forever up (or down) the goal hierarchy
- Goals: Describe functions that must be carried out
- Actors: Owners of goals
- Tips:
  - Multiple sources -> better goals
  - Associate stakeholders with each goal
  - Use scenarios to explore how goals can be met

Tropos Constructs

Tropos Constructs (continued)

Secure Tropos
- Security constraint
  - Restriction related to the security of the system
  - Influence the analysis and design of a system
  - Restricts alternative design solutions
- Secure dependency
  - Introduces security constraint(s) that must be fulfilled for the dependency to be satisfied

Security risk management process

Context and Assets Identification
- Description of organisation and its environment
  - sensitive activities related to information security

Security Objectives Determination
- Determine the security objectives to be reached
- Confidentiality, Integrity, Availability

Risk Analysis and Assessment
- Identify risks and estimate them qualitatively or quantitatively

Risk Treatment Decisions
Risk treatment decisions and their definitions:
- Avoiding risk: Decision not to be involved in, or to withdraw from a risk
- Transferring risk: Sharing with another party the burden of loss for a risk
- Retaining risk: Accepting the burden of loss from a risk
- Reducing risk: Action to lessen the probability, negative consequences, or both, associated with a risk

Security Requirements Definition
- Security requirements - security solutions to mitigate the risks
- If security requirements are unsatisfactory
  - Revise the risk treatment step
  - Revise all of the preceding steps

Control Selection and Implementations
- Implement system countermeasures within organisation

Business Process Modelling
- Approach
  - What organisation needs to do to achieve their business objectives?
- Advantages
  - Reasonably intuitive
  - Explicit declaration of business activities, processes and sub-processes
- Disadvantages
  - Captures only a dynamic picture
  - Not focussed on the business support by technology

Business Process Model and Notation version 2.0
- Descriptive Modelling
- Analytical Modelling
- Executable Modelling
(White, 2004,

Business Process Model and Notation
- Simple example
(White, 2004,

Asset identification // Security objectives determination

Risk Analysis

Risk Treatment Decisions
Risk treatment decisions and their definitions:
- Avoiding risk: Decision not to be involved in, or to withdraw from a risk
- Transferring risk: Sharing with another party the burden of loss for a risk
- Retaining risk: Accepting the burden of loss from a risk
- Reducing risk: Action to lessen the probability, negative consequences, or both, associated with a risk

Security Requirements Definition
- Security requirements - security solutions to mitigate the risks
- If security requirements are unsatisfactory
  - Revise the risk treatment step
  - Revise all of the preceding steps

Control Selection and Implementation

Message to take home
- Security Modelling
- Security Modelling Languages
  - Security risk-aware Secure Tropos
  - Security risk-oriented BPMN
  - Misuse cases
  - Mal-activity diagrams