Security Attack Testing (SAT)—testing the security of information systems at design time

Article


Mouratidis, Haralambos and Giorgini, Paolo 2007. Security Attack Testing (SAT)—testing the security of information systems at design time. Information Systems. 32 (8), pp. 1166-1183.
Authors: Mouratidis, Haralambos and Giorgini, Paolo
Abstract

For the last few years a considerable number of efforts have been devoted to integrating security issues into information systems development practices. This has led to a number of languages, methods, methodologies and techniques for considering security issues during the developmental stages of an information system. However, these approaches mainly focus on security requirements elicitation, analysis and design issues and neglect testing. This paper presents the Security Attack Testing (SAT) approach, a novel scenario-based approach that tests the security of an information system at design time. The approach is illustrated with the aid of a real-life case study involving the development of a health and social care information system.

Keywords: Information systems development methodology; Integrating security; software engineering; Scenarios; Information system security testing
Journal: Information Systems
Journal citation: 32 (8), pp. 1166-1183
ISSN: 0306-4379
Year: 2007
License (accepted author manuscript): CC BY-ND
Web address (URL): http://dx.doi.org/10.1016/j.is.2007.03.002
http://hdl.handle.net/10552/410
Publication dates
Print: Dec 2007
Publication process dates
Deposited: 02 Dec 2009
Additional information

Citation:
Mouratidis, H., Giorgini, P. (2007) ‘Security Attack Testing (SAT)—testing the security of information systems at design time’ Information Systems 32 (8) 1166-1183.

Permalink: https://repository.uel.ac.uk/item/865y6
