Abstract
Socio-technical systems (STS) are inherently complex due to the heterogeneity of its intertwined components. Therefore, ensuring STS security continues to pose significant challenges. Persistent security issues in STS are extremely critical to address as threats to security can affect entire enterprises, resulting in significant recovery costs. A profound understanding of the problems across multiple dimensions of STS is the key in addressing such security issues. However, we lack a systematic acquisition of the scattered knowledge related to design, development, and execution of STS. In this work, we methodologically analyze security issues from a requirements engineering perspective. We propose a cognitive three-layered framework integrating various modeling methodologies and knowledge sources related to security. This framework helps in understanding essential components of security and making recommendations of security requirements regarding threat analyses and risk assessments using Problem Domain Ontology (PDO) knowledge base. We also provide tool support for our framework. With the goal-oriented security reference model, we demonstrate how security requirements are recommended based on PDO, with the help of the tool. The organized acquisition of knowledge from SME groups and the domain working group provides rich context of security requirements, and also enhances the re-usability of the knowledge set.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
