ABSTRACT As software applications become more complex, they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of the software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses on asset identification, the initial step in security risk assessment for web applications. Risk assessment helps organizations determine security risks in information management systems. The formal approach to identifying information assets for risk assessment is investigated using the MAGERIT methodology and EBIOS method. This work is carried out at Simón Bolívar University (Venezuela) for its Student Opinion Survey Coordination web-based application. Under this research, a methodological tool for asset identification was developed to help the University achieve security risk assessment. Assets are identified according to their priorities in the organizational environment. This work contributes to Web Engineering in general, and to Information Security Management with emphasis on security risk assessment.
Asset Identification for Security Risk Assessment in Web Applications
Authors
Brunil D. Romero
- Organization : Processes and Systems Department, Simón Bolívar University (Venezuela)
- Email : bromero@usb.ve
Hisham M. Haddad
- Organization : Computer Science Department, Kennesaw State University (USA)
- Email : hhaddad@kennesaw.edu