Abstract

Security risk mitigation is a salient issue in systems development research. This paper introduces a lightweight approach to security risk mitigation that can be used within an Agile Development framework — the Security Obstacle Mitigation Model (SOMM). The SOMM uses the concept of trust assumptions to derive obstacles and the concept of misuse cases to model the obstacles. A synthetic scenario, based on an on-line system, shows how the SOMM is used to anticipate malicious behaviour with respect to an operational information system and to document a priori how this malicious behaviour should be mitigated. Since the SOMM is conceptually simple in deployment, its use is well within the capacities of the users who form part of an Agile Development team and, crucially, it should not take up a significant amount of development time.
