Sciweavers

RE
2015
Springer

Assessment of risk perception in security requirements composition

8 years 7 months ago
Assessment of risk perception in security requirements composition
—Security requirements analysis depends on how well-trained analysts perceive security risk, understand the impact of various vulnerabilities, and mitigate threats. When systems are composed of multiple machines, configurations, and software components that interact with each other, risk perception must account for the composition of security requirements. In this paper, we report on how changes to security requirements affect analysts risk perceptions and their decisions about how to modify the requirements to reach adequate security levels. We conducted two user surveys of 174 participants wherein participants assess security levels across 64 factorial vignettes. We analyzed the survey results using multilevel modeling to test for the effect of security requirements composition on participants’ overall security adequacy ratings and on their ratings of individual requirements. We accompanied this analysis with grounded analysis of elicited requirements aimed at lowering the securi...
Hanan Hibshi, Travis D. Breaux, Stephen B. Broomel
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where RE
Authors Hanan Hibshi, Travis D. Breaux, Stephen B. Broomell
Comments (0)