Skip to main content
SpringerLink
Log in

Threat Analysis in Practice – Systematically Deriving Security Requirements

  • Conference paper
  • First Online:
Product-Focused Software Process Improvement (PROFES 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11271))

Abstract

With the growing number of incidents, the topic security gains more and more attention across all domains. Organizations realize their lack of state-of-the-art security practices, however, they struggle to improve their software lifecycle in terms of security. In this talk, we introduce the concept of security by design that implements security practices within the whole software lifecycle. Based on our practical experience from industry projects in the regulated industrial automation and unregulated classical IT domain, we explain how to perform a threat analysis and how to integrate it into the software lifecycle.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.microsoft.com/en-us/download/details.aspx?id=49168.

References

  1. Geismann, J., Gerking, C., Bodden, E.: Towards ensuring security by design in cyber-physical systems engineering processes. In: International Conference on Software and System Process (ICSSP 2018), May 2018

    Google Scholar 

  2. International Electrotechnical Commission (IEC): IEC 62443-4-1:2018: Security for industrial automation and control systems - Part 4–1: Secure product development lifecycle requirements, Jan 2018

    Google Scholar 

  3. Shostack, A.: Threat Modeling: Designing for Security. Wiley, Indianapolis (2014)

    Google Scholar 

  4. Williams, L., Meneely, A., Shipley, G.: Protection poker: The new software security “game”. IEEE Secur. Privacy 8(3), 14–20 (2010)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Software Engineering and IT Security, Fraunhofer IEM, Paderborn, Germany

    Markus Fockel, Sven Merschjohann & Masud Fazal-Baqaie

Authors
  1. Markus Fockel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sven Merschjohann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Masud Fazal-Baqaie
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Markus Fockel .

Editor information

Editors and Affiliations

  1. Technische Universität Clausthal, Goslar, Germany

    Marco Kuhrmann

  2. Leibniz University Hannover, Hannover, Germany

    Kurt Schneider

  3. University of Tartu, Tartu, Estonia

    Dietmar Pfahl

  4. Okayama Prefectural University, Okayama, Japan

    Sousuke Amasaki

  5. QAware GmbH, Munich, Germany

    Marcus Ciolkowski

  6. Chalmers | University of Gothenburg, Gothenburg, Sweden

    Regina Hebig

  7. IT University of Copenhagen, Copenhagen, Denmark

    Paolo Tell

  8. Leibniz University Hannover, Hannover, Germany

    Jil Klünder

  9. Clausthal University of Technology, Goslar, Germany

    Steffen Küpper

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fockel, M., Merschjohann, S., Fazal-Baqaie, M. (2018). Threat Analysis in Practice – Systematically Deriving Security Requirements. In: Kuhrmann, M., et al. Product-Focused Software Process Improvement. PROFES 2018. Lecture Notes in Computer Science(), vol 11271. Springer, Cham. https://doi.org/10.1007/978-3-030-03673-7_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03673-7_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03672-0

  • Online ISBN: 978-3-030-03673-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation