Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed ...
Interviews with stakeholders can be a useful method for identifying user needs and establishing requirements. However, interviews are also problematic. They are time consuming and...
Traditional network security technologies such as firewalls and intrusion detection systems usually work according to a static ruleset only. We believe that a better approach to ...
One of the prerequisites for information society is secure and reliable communication among computing systems. Accordingly, network security appliances become key components of inf...
Abstract. Even the most well-motivated models of information security have application limitations due to the inherent uncertainties involving risk. This paper exemplifies a formal...
Benjamin Johnson, Jens Grossklags, Nicolas Christi...