{"title":"An Organizational Framework for Building Secure Software","authors":"A. Hamou-Lhadj, A. Hamou-Lhadj","doi":"10.1109/ISA.2008.105","DOIUrl":null,"url":null,"abstract":"In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built Unlike existing studies that focus on security only from the technological point of view, in this paper, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool that can be used by software companies to cope with the increasing customer demand for secure software.","PeriodicalId":212375,"journal":{"name":"2008 International Conference on Information Security and Assurance (isa 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-04-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 International Conference on Information Security and Assurance (isa 2008)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISA.2008.105","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In this paper, we argue that building a secure software system requires more than just a good understanding of technology. It requires an organized framework for the business context in which the system is being built Unlike existing studies that focus on security only from the technological point of view, in this paper, we present a framework for building secure software that facilitates the linkage between security requirements, software development practices, and business process management. Our framework consists of four main components: Governance, People, Process, and Technology. We believe that this framework, if implemented properly, can be a powerful tool that can be used by software companies to cope with the increasing customer demand for secure software.