期刊名称:Journal of Theoretical and Applied Information Technology
印刷版ISSN:1992-8645
电子版ISSN:1817-3195
出版年度:2014
卷号:63
期号:1
出版社:Journal of Theoretical and Applied
摘要:In practice, at software/system requirements assembly stages, the focus is regularly on the software security requirements as usually described at the system level this may lead to explicit security-related product which may be implemented as both in system and software. According to the ECSS standards internal security awareness is restricted to avoid illegal access to the software system and confidential data while the external security requirements related awareness is failing to put off the leak of secure output data awareness and illegal processes. In European, ISO 25021 a amount of terms are afforded to describe many types of aspirant security awareness requirements. This paper accumulates and systematizes these security awareness-related requirements into a standards-based reference model of the software security awareness; In the absence of such a model, such security awareness requirements are definitively assigned at software system testing time, stakeholders find out that a number of Security awareness requirements are neglected and additional efforts should be added to implement such awareness�s. Moreover, the proposed model may also be used for identify the functional size of security awareness programs using the ISO 19761 standard. This size may be used for estimation purposes.
关键词:Security Requirements; Security Awareness Program; ISO 25021; IEEE-830.
