Integrating Requirements and Risk Management to analyse contexts of use
Shamal Faily
15:00, 5th March 2009 (week 7, Hilary Term 2009), Common Room
The failure to design for changes to contexts of operation has been widely reported, with consequences
ranging from loss of information through to loss of life. As reports of such failures become more
prevalent, there is a growing need to explore the relationship between security and its socio-technical
contexts. A better understanding of this relationship could lead to important insights into designing and
deploying security solutions that are effective at mitigating risks and appropriate to their context of use.
Recent empirical research on cultural contexts within the NeuroGrid e-Science project found that a myopic
view of security engineering, coupled with conflicting perceptions of security by different organisational
sub-cultures, can be a significant source of requirements conflict. This research also highlighted the
importance of understanding different roles and responsibilities at play within different contexts.
Although the value of responsibility modelling has been reported in specific cases, its potential value in
distributed socio-technical environments appears to be unexplored.
This presentation introduces RERIM (REquirements and RIsk Management), a tool for supporting integrated
requirements and risk management for variable contexts of operation.
First, we present a meta-model for integrated Requirements and Risk Management, and compare and contrast
this with similar models for security requirements engineering within the literature.
Second, based on Butler's work on Multi-Attribute Risk Assessment, we present a framework for quantitative
risk assessment, sensitive to the values of specific properties of risk analysis artifacts.
Third, we demonstrate how the meta-model and quantitative risk assessment framework support the elicitation
and visualisation of requirements and risk management artifacts within the RERIM prototype. Finally, we
propose a research agenda for validating RERIM.