eRISE is a comparative study whose goal is to understand how effective an academic security requirements engineering method is when applied by someone other than its inventor.
42 participants were involved: 27 professionals, each with at least 5 years of working experience in information systems auditing, attending an MBA program at Dauphine University in Paris, plus 15 M.Sc. students in Computer Science from Trento with a background in security engineering and information systems.
Five research groups agreed to join the challenge and participate as the subjects of the study (which included giving tutorials, evaluating material, etc.). The methods were CORAS from SINTEF, LINDDUN from Katholieke Universiteit Leuven, SECURE TROPOS from the University of East London, SREP from the University of Castilla-La Mancha, and SECURITY ARGUMENTATION from the Open University. Two industrial partners, Siemens and Atos, participated by providing two case studies: the management of electronic health care records, and smart grid systems.
This talk will present a hypothesis on the effectiveness of those academic methods, which emerged from the analysis of the collected data. Moreover, the talk will report on which aspects of those methods work in practice and which do not.
Dr. Federica Paci is a postdoctoral researcher in the Department of Information Engineering and Computer Science at the University of Trento. She is now working in the Network of Excellence on Engineering Secure Future Internet Software Services and Systems (NESSoS), which aims to constitute and integrate a long-lasting research community on engineering secure software-based services and systems. Her research is now focused on empirical methods in security. In the past, she worked on the SecureChange European project, where her research focused on security requirements engineering for evolving systems. Her other research interests include access control and privacy mechanisms for Web 2.0 applications. From February 2008 to March 2009, Dr. Paci was a postdoctoral research associate at Purdue University. She earned her Ph.D. in Computer Science from the University of Milan, Italy, in February 2008. In February 2004, she received the equivalent of a combined bachelor's/master's degree in Computer Science, also from the University of Milan. Paci is the author or co-author of more than 30 conference papers and journal articles, and she has co-authored a book on Web services security.