Abstract
One of the highest priorities of system requirements needed in software development industry is security requirements. However, to identify the complete and correct software security requirements are a challenging task especially creating enterprise assets security requirements. Enterprise assets security requirements are to identify security basic needs, to assess risks, to establish security approach and service, and to specify external enterprise consideration including confidentiality, integrity, availability, and accountability concerns. Moreover, these may be applied to other security requirements such as identification and authentication, access control, firewall architecture, etc. Security patterns may be used to create this security requirements but understanding, analyzing and transforming from security patterns to security requirements are difficult to accomplish. We proposed a grammar, called ESRMG (enterprise security and risk management grammar), and a prototyping tool based on security patterns in a scope of enterprise asset identification and risk managements which are the fundamental of enterprise security requirements. The proposed grammar and tool are beneficial for any organization to construct enterprise security requirements and may help reduce cost and time in overall of system development.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
