Information Technology Reference
In-Depth Information
5. CLUSIF (1998) MARION (Méthodologie d'Analyse des Risques Informatique et d'Optimation
par Niveau) available at http://www.clusif.asso.fr
6. CLUSIF (2007) MEHARI 2007: concepts and mechanisms.
http://www.clusif.asso.fr/fr/production/ouvrages/pdf/CLUSIF-risk-management.pdf. Last Accessed 21 Feb 2010
7. Cockburn A (2001) Writing effective use cases. Addison-Wesley Longman Publishing Co.,
Boston, MA, USA
8. Common Criteria version 2.3 (2005) Common criteria for information technology security
evaluation, CCMB-2005-08-002. http://www.tse.org.tr/turkish/belgelendirme/ortakkriter/ccpart2v2.3.pdf.
Last Accessed 21 Feb 2010
9. DCSSI (2004) EBIOS - expression of needs and identification of security objectives.
http://www.ssi.gouv.fr/archive/en/confidence/ebiospresentation.html. Last Accessed 21 Feb 2010
10. Direction des Constructions Navales (1989) MELISA (Méthode d'Evaluation de la
Vulnérabilité Résiduelle des Systèmes d'Information). Paris, France
11. Dubois E, Mayer N, Rifaut A, Rosener V (2006) Contributions méthodologiques pour
l'amélioration de l'analyse des risques. In: Enjeux de la sécurité multimédia (Traité IC2, série
Informatique et systèmes d'information). Hermes Science Publications, Paris, pp 79-131
12. Elahi G, Yu E, Zannone N (2010) A vulnerability-centric requirements engineering framework:
analyzing security attacks, countermeasures, and requirements based on vulnerabilities.
Reqs Eng Journal 15(1):41-62
13. ENISA (European Network and Information Security Agency) (2006) Inventory of
risk assessment and risk management methods.
http://www.enisa.europa.eu/act/rm/files/deliverables/inventory-of-risk-assessment-and-risk-management-methods.
Last Accessed 21 Feb 2010
14. Fabian B, Gürses S, Heisel M, Santen T, Schmidt H (2010) A comparison of security
requirements engineering methods. Reqs Eng Journal 15(1):7-40
15. Firesmith DG (2003) Common concepts underlying safety, security, and survivability
engineering. CMU/SEI-2003-TN-033 Carnegie Mellon University, Software Engineering
Institute, Pittsburgh, PA
16. Firesmith DG (2007) Engineering safety and security related requirements for software intensive
systems. In: Companion to the proceedings of the 29th international conference on
software engineering (COMPANION'07). IEEE Computer Society, p 169
17. Giorgini P, Massacci F, Zannone N (2005) Security and trust requirements engineering. In:
Foundations of security analysis and design III. LNCS, vol 3655. Springer, pp 237-272
18. Haley CB, Laney RC, Moffett JD, Nuseibeh B (2008) Security requirements engineering: a
framework for representation and analysis. IEEE Trans Softw Eng 34:133-153
19. Haley CB, Moffett JD, Laney RC, Nuseibeh B (2006) A framework for security requirements
engineering. In: Proceedings of the 2nd international workshop on software engineering for
secure systems (SESS'06), ACM, pp 35-42
20. Harel D, Rumpe B (2004) Meaningful modeling: what's the semantics of “semantics”?
Computer 37:64-72
21. Insight Consulting (2003) CRAMM (CCTA Risk Analysis and Management Method) User
Guide version 5.0. SIEMENS
22. ISO/IEC Guide 73 (2002) Risk management - vocabulary - guidelines for use in standards.
International Organization for Standardization, Geneva
23. ISO/IEC 13335-1 (2004) Information technology - security techniques - management of
information and communications technology security - part 1: concepts and models for information
and communications technology security management. International Organization for
Standardization, Geneva
24. ISO 14001 (2004) Environmental management systems - requirements with guidance for use.
International Organization for Standardization, Geneva
25. ISO/IEC 27001 (2005) Information technology - security techniques - information security
management systems - requirements. International Organization for Standardization, Geneva