Abstract
With the growing number of incidents, the topic security gains more and more attention across all domains. Organizations realize their lack of state-of-the-art security practices, however, they struggle to improve their software lifecycle in terms of security. In this talk, we introduce the concept of security by design that implements security practices within the whole software lifecycle. Based on our practical experience from industry projects in the regulated industrial automation and unregulated classical IT domain, we explain how to perform a threat analysis and how to integrate it into the software lifecycle.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Geismann, J., Gerking, C., Bodden, E.: Towards ensuring security by design in cyber-physical systems engineering processes. In: International Conference on Software and System Process (ICSSP 2018), May 2018
International Electrotechnical Commission (IEC): IEC 62443-4-1:2018: Security for industrial automation and control systems - Part 4–1: Secure product development lifecycle requirements, Jan 2018
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Indianapolis (2014)
Williams, L., Meneely, A., Shipley, G.: Protection poker: The new software security “game”. IEEE Secur. Privacy 8(3), 14–20 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Fockel, M., Merschjohann, S., Fazal-Baqaie, M. (2018). Threat Analysis in Practice – Systematically Deriving Security Requirements. In: Kuhrmann, M., et al. Product-Focused Software Process Improvement. PROFES 2018. Lecture Notes in Computer Science(), vol 11271. Springer, Cham. https://doi.org/10.1007/978-3-030-03673-7_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-03673-7_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03672-0
Online ISBN: 978-3-030-03673-7
eBook Packages: Computer ScienceComputer Science (R0)