학술논문
Risk-based systems security engineering: stopping attacks with intention
Document Type
Periodical
Author
Source
IEEE Security & Privacy IEEE Secur. Privacy Security & Privacy, IEEE. 2(6):59-62 Jan, 2004
Subject
Language
ISSN
1540-7993
1558-4046
1558-4046
Abstract
In most modern information systems (IS), functionality and security are competing design goals. Therefore, system designers are constantly forced to make security-related trade-off decisions. Systems security engineers must build systems that are secure against real-world attacks without overengineering against any particular one. By understanding which attacks are most likely and which risks are most serious, system designers can make informed security-related trade-off decisions. We describe a systems security engineering methodology designers can use to make these decisions.