| | SLO | ENG | Piškotki in zasebnost

Večja pisava | Manjša pisava
Prva stran > Iskanje po katalogu digitalne knjižnice

Iskanje po katalogu digitalne knjižnice Pomoč

Iskalni niz: išči po
išči po
išči po
išči po
* po starem in bolonjskem študiju

Opcije:
  Ponastavi


1 - 3 / 3
Na začetekNa prejšnjo stran1Na naslednjo stranNa konec
1.
Balancing software and training requirements for information security
Damjan Fujs, Simon Vrhovec, Damjan Vavpotič, 2023, izvirni znanstveni članek

Opis: Information security is one of the key areas of consideration to assure reliable and dependable information systems (IS). Achieving an appropriate level of IS security requires concurrent consideration of the technical aspects of IS and the human aspects related to the end users of IS. These aspects can be described in the form of information security requirements. We propose an approach that helps select and balance information security software requirements (iSSR) and information security training requirements (iSTR) according to the information security performance of end users. The approach was tested in an experiment involving 128 IS professionals. The results showed that using the proposed approach helps IS professionals with limited experience in information security make significantly better decisions regarding iSSR and iSTR.
Ključne besede: kibernetska varnost, eksperiment, informacijsko varnostni standardi, inženirstvo zahtev, usposabljanje končnih uporabnikov, informacijska varnost, cyber security, experiment, information security standard, requirements engineering, end user training, information security
Objavljeno v DKUM: 13.11.2024; Ogledov: 0; Prenosov: 4
URL Povezava na celotno besedilo

2.
Identifying key activities, artifacts and roles in agile engineering of secure software with hierarchical clustering
Anže Mihelič, Tomaž Hovelja, Simon Vrhovec, 2023, izvirni znanstveni članek

Opis: Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Ključne besede: secure software development, security engineering, agile methods, agile development, software development, software engineering, software security, application security, cybersecurity, cyber resilience
Objavljeno v DKUM: 29.11.2023; Ogledov: 417; Prenosov: 12
.pdf Celotno besedilo (557,17 KB)
Gradivo ima več datotek! Več...

3.
Agile development of secure software for small and medium-sized enterprises
Anže Mihelič, Simon Vrhovec, Tomaž Hovelja, 2023, izvirni znanstveni članek

Opis: Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.
Ključne besede: secure software development, security engineering, agile, small and medium sized enterprises, software development management, security
Objavljeno v DKUM: 29.11.2023; Ogledov: 494; Prenosov: 7
.pdf Celotno besedilo (2,58 MB)
Gradivo ima več datotek! Več...
Iskanje izvedeno v 0.07 sek.
Na vrh
Logotipi partnerjev Univerza v Mariboru Univerza v Ljubljani Univerza na Primorskem Univerza v Novi Gorici