A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit <a rel="external noopener" href="https://core.ac.uk/download/pdf/42415864.pdf">the original URL</a>. The file type is <code>application/pdf</code>.
<i title="ACM Press">
<a target="_blank" rel="noopener" href="https://fatcat.wiki/container/wvv27s77dvd5flktsj246kcxwu" style="color: black;">Proceedings of the 38th International Conference on Software Engineering - ICSE '16</a>
Security is one of the biggest challenges facing organisations in the modern hyper-connected world. A number of theoretical security models are available that provide best practice security guidelines and are widely utilised as a basis to identify and operationalise security requirements. Such models often capture high-level security concepts (e.g., whitelisting, secure configurations, wireless access control, data recovery, etc.), strategies for operationalising such concepts through specific<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2884781.2884785">doi:10.1145/2884781.2884785</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/icse/RashidNRECB16.html">dblp:conf/icse/RashidNRECB16</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/wf2rm5l3wjhyrj2djxvpqk5j3q">fatcat:wf2rm5l3wjhyrj2djxvpqk5j3q</a> </span>
more »... ecurity controls, and relationships between the various concepts and controls. The threat landscape, however, evolves leading to new tacit knowledge that is embedded in or across a variety of security incidents. These unknown knowns alter, or at least demand reconsideration of the theoretical security models underpinning security requirements. In this paper, we present an approach to discover such unknown knowns through multi-incident analysis. The approach is based on a novel combination of grounded theory and incident fault trees. We demonstrate the effectiveness of the approach through its application to identify revisions to a theoretical security model widely used in industry.
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20171201092651/https://core.ac.uk/download/pdf/42415864.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/35/0b/350b2ffaaa232bb856a0e2d450a28274a3ed020c.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2884781.2884785"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> acm.org </button> </a>