
330   Chapter 12   Dependability and security specification




Security risk management

Safety is a legal issue and businesses cannot decide to opt out of producing safe systems. However, some aspects of security are business issues—a business can decide not to implement some security measures and to cover the losses that may result from this decision. Risk management is the process of deciding what assets must be protected and how much can be spent on protecting them.

http://www.SoftwareEngineering-9.com/Web/Security/RiskMan.html




6.  Intrusion detection requirements specify what mechanisms should be used to detect attacks on the system.
7.  Non-repudiation requirements specify that a party in a transaction cannot deny its involvement in that transaction.
8.  Privacy requirements specify how data privacy is to be maintained.
9.  Security auditing requirements specify how system use can be audited and checked.
10. System maintenance security requirements specify how an application can prevent authorized changes from accidentally defeating its security mechanisms.


Of course, you will not see all of these types of security requirements in every system. The particular requirements depend on the type of system, the situation of use, and the expected users.

The risk analysis and assessment process discussed in Section 12.1 may be used to identify system security requirements. As I discussed, there are three stages to this process:

1.  Preliminary risk analysis At this stage, decisions on the detailed system requirements, the system design, or the implementation technology have not been made. The aim of this assessment process is to derive security requirements for the system as a whole.

2.  Life-cycle risk analysis This risk assessment takes place during the system development life cycle after design choices have been made. The additional security requirements take account of the technologies used in building the system and system design and implementation decisions.

3.  Operational risk analysis This risk assessment considers the risks posed by malicious attacks on the operational system by users, with or without insider knowledge of the system.

The risk assessment and analysis processes used in security requirements specification are variants of the generic risk-driven specification process discussed in