Name
Abstract | ||
|---|---|---|
Many industrial software development processes today have to comply with security standards such as the IEC~62443-4-1. These standards, written in natural language, are ambiguous and complex to understand. This is especially true for non-security experts. Security practitioners thus invest much effort into comprehending standards and, later, into introducing them to development teams. However, our experience in the industry shows that development practitioners might very well also read such standards, but nevertheless end up inviting experts for interpretation (or confirmation). Such a scenario is not in tune with current trends and needs of increasing velocity in continuous software engineering. In this paper, we propose a tool-supported approach to make security standards more precise and easier to understand for both non-security as well as security experts by applying process models. This approach emerges from a large industrial company and encompasses so far the IEC62443-4-1 standard. We further present a case study with 16 industry practitioners showing how the approach improves communication between development and security compliance practitioners. |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1007/978-3-030-67731-2_34 | SOFSEM |
DocType | ISSN | Citations |
Conference | International Conference on Current Trends in Theory and Practice
of Informatics SOFSEM 2021: Theory and Practice of Computer Science pp
458-471 | 0 |
PageRank | References | Authors |
0.34 | 0 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Fabiola Moyon | 1 | 0 | 0.34 |
| Daniel Méndez | 2 | 0 | 1.69 |
| Kristian Beckers | 3 | 1 | 1.04 |
| Sebastian Klepper | 4 | 10 | 2.10 |