[1] F. D’Aubeterre, L. S. Iyer, and R. Singh. An empirical evaluation of information security awareness levels in designing secure business processes. In V. Vaishnavi and S. Purao, editors, DESRIST. ACM, 2009.
This paper demonstrates that "Secure Activity Resource Coordination (SARC)" is the best way to make analysts and designers of processes aware of the security requirements in those processes. SARC itself is not explained in this paper; an earlier paper explains it in detail. This paper focuses only on proving that SARC is the best way to increase the awareness level of security requirements in a process. To show how good SARC is, the paper bases its comparison on a method called Situational Awareness (SA), which places awareness on 3 levels: awareness of the existence, comprehension, and prediction. SA was used as the measuring criterion to compare SARC to "Enriched-Use Case and UML-Active diagrams".
So the study was about proving whether SARC can increase awareness of security requirements for analysts and designers within these 3 levels. The study was performed on different groups of students, and the results showed that SARC made the students more aware of the security requirements in the processes than the "Enriched-Use Case and UML-Active diagrams" did.
The paper concludes that considering security requirements from the beginning and treating them as functional requirements will increase the analyst's awareness of them, and that using SARC is the best way to do so.
If this paper is related to the research at hand in any way, it is in showing the importance of considering security requirements early, from the data collection phase. It might also be related in that SARC is worth looking at as a method, and it might be a good method to follow in integrating other security requirements, such as trust, since it is proven to be a good way to increase the awareness of security requirements.