Abstract
Web-based information systems play increasingly important roles in providing functions and business services for many organizations. Because of their ubiquitous natures dealing with a huge and diverse population of users, web applications must be tolerant to errors, adverse interactions and malicious attacks. The ability to quickly estimate security risks early in the system development life cycle can be beneficial in making various decisions. This is particularly crucial for large and complex web applications that are asset-critical and evolve rapidly through long life cycles. This paper presents a systematic approach for the automated assessment of security risks, at the design stage, of web-based information systems. The approach combines risk concepts in reliability engineering with heuristics using characteristics of software and hardware deployment design to estimate security risks of the system to be developed. It provides a simple early estimate of security risks that can help locate high-risk software components. We discuss limitations of the approach and give an illustration in an industrial engineering and business-to-business domain using a case study of a web-based material requirements planning system for a manufacturing enterprise.
Original language | English |
---|---|
Pages | 28-35 |
Number of pages | 8 |
State | Published - 2007 |
Event | 3rd International Conference on Web Information Systems and Technologies, Webist 2007 - Barcelona, Spain Duration: Mar 3 2007 → Mar 6 2007 |
Conference
Conference | 3rd International Conference on Web Information Systems and Technologies, Webist 2007 |
---|---|
Country/Territory | Spain |
City | Barcelona |
Period | 03/3/07 → 03/6/07 |
Keywords
- Computer security
- Risk assessment
- Software design
- Web-based systems