home
Home

Steps for Business Analyst To Gather Security Requirements from Misuse Cases

Submitted by manish9.k on Fri, 2010-02-05 01:03

In this write-up, I will talk about misuse cases and steps to identify security requirements. Ivar Jacobson while working on large telecommunication systems introduced use cases. According to him use cases describe system's desired behavior in the form of a story ('Scenario')from the point view of a user or interfacing system('Actor') and supported by subsidiary scenarios in the form of alternatives and exceptions[Jacabson 1992]. On the other hand misuse cases are the inverse of use cases. The concept was coined in 1990s by Guttorm Sindre of the Norwegian University of Science and Technology, and Andreas L. Opdahl of the University of Bergen, Norway. The basic concept is describing the steps of performing a malicious act against a system, just as you would describe an act that the system is supposed to perform in a use case. So, use cases models the behavior expected from the system and misuse cases models the behavior not expected from the system.

Download the paper from below link.

AttachmentSize
Misuse case.pdf493.84 KB

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
But what is a misuse case by baldrick
Re:But what is a misuse case by manish9.k

    Sponsored Announcements & Special Offers

view counter

Whitepaper from HP - Why Focus on Requirements Definition Management in the Application Lifecycle?

Increasingly, smart businesses are looking much closer at requirements definition (RD) and requirements management (RM) (sometimes grouped together under the Gartner-coined phrase, requirements definition management (RDM)) to streamline the entire application lifecycle. Why? Because systematic and effective RDM captures software defects earlier in the lifecycle, and it reduces the overall likelihood that defects will be introduced. That’s important. How important? According to one study, the cost to fix a defect after delivery is more than 100 times the cost to fix it in the requirement and design phase. No business wants to be hit with that bill. Now to add to this the growing interest in agile development techniques as a way to deliver higher quality applications and we have an interesting recipe for success.

Download a Free Copy

view counter
© 2007-2010 Requirements Networking Group All rights reserved. contact | advertise | privacy
Requirements Networking Group