Security Attack Testing (SAT)—testing the security of information systems at design time
Mouratidis, Haralambos and Giorgini, Paolo 2007. Security Attack Testing (SAT)—testing the security of information systems at design time. Information Systems. 32 (8), pp. 1166-1183.
|Authors||Mouratidis, Haralambos and Giorgini, Paolo|
For the last few years a considerable number of efforts have been devoted into integrating security issues into information systems development practices. This has led to a number of languages, methods, methodologies and techniques for considering security issues during the developmental stages of an information system. However, these approaches mainly focus on security requirements elicitation, analysis and design issues and neglect testing. This paper presents the Security Attack Testing (SAT) approach, a novel scenario-based approach that tests the security of an information system at the design time. The approach is illustrated with the aid of a real-life case study involving the development of a health and social care information system.
|Keywords||Information systems development methodology; Integrating security; software engineering; Scenarios; Information system security testing|
|Journal citation||32 (8), pp. 1166-1183|
|Accepted author manuscript|
|Web address (URL)||http://dx.doi.org/10.1016/j.is.2007.03.002|
|Publication process dates|
|Deposited||02 Dec 2009|
1views this month
0downloads this month