Risk Assessment of Security Requirements of Banking Information Systems Based on Attack Patterns

Authors: Krissada Rongrat, Twittie Senivongse

DOI: 10.1007/978-3-319-64051-8_8

Keywords: Threat; Risk analysis (engineering); Security analysis; Risk factor (computing); Business; Information system; Security service; Countermeasure (computer); Asset (computer security); Risk assessment

Abstract: Security risk assessment is an important process for the implementation of any information system, including those in the banking sector. When a bank initiates or implements an information system project, the requirements engineers or business analysts of the project conduct an initial validation of the security requirements to check if they comply with regulations before an audit takes place. This paper presents a method to assist the project team in validating the security requirements of the system. Text similarity analysis is used to identify which security requirements are missing from the information system of the bank, and a quantitative risk index model is also proposed to determine the level of risk associated with the missing requirements. The risk assessment is based on the harm that potential attacks can do if the requirements are not implemented. Using a case study of Thailand, we apply the method to assess the security requirements of Thai commercial banks against the IT Best Practices of the Bank of Thailand. We evaluate the performance of compliance checking in terms of F-measure and accuracy, and the validity of the risk assessment in terms of correlation with expert judgment.

References (6)
Muhammad Ilyas, Josef Kung. A Similarity Measurement Framework for Requirements Engineering. International Multi-Conference on Computing in Global Information Technology, pp. 31-34 (2009). DOI: 10.1109/ICCGI.2009.12
Eric J. Stierna, Neil C. Rowe. Applying information-retrieval methods to software reuse: a case study. Information Processing and Management, vol. 39, pp. 67-74 (2003). DOI: 10.1016/S0306-4573(02)00025-0
Donald Firesmith. Engineering Security Requirements. The Journal of Object Technology, vol. 2, pp. 53-68 (2003). DOI: 10.5381/JOT.2003.2.1.C6
Johan Natt och Dag, Björn Regnell, Pär Carlshamre, Michael Andersson, Joachim Karlsson. A Feasibility Study of Automated Natural Language Requirements Analysis in Market-Driven Development. Requirements Engineering, vol. 7, pp. 20-33 (2002). DOI: 10.1007/S007660200002
Yijun Yu, Virginia N.L. Franqueira, Thein Than Tun, Roel J. Wieringa, Bashar Nuseibeh. Automated analysis of security requirements through risk-based argumentation. Journal of Systems and Software, vol. 106, pp. 102-116 (2015). DOI: 10.1016/J.JSS.2015.04.065
Tong Li, Elda Paja, John Mylopoulos, Jennifer Horkoff, Kristian Beckers. Security attack analysis using attack patterns. Research Challenges in Information Science, pp. 1-13 (2016). DOI: 10.1109/RCIS.2016.7549303