IRIS

Socio-technical systems are an interplay of social (humans and organizations) and technical components interacting with one another to achieve their objectives. Security is a central issue in such complex systems, and it cannot be tackled only through technical mechanisms: the encryption of sensitive data while being transmitted, does not assure that the receiver will not disclose them to unauthorized parties. Therefore, dealing with security in socio-technical systems requires an analysis: (i) from a social and organizational perspective, to elicit the objectives and security requirements of each component; (ii) from a procedural perspective, to define how the actors behave and interact with each other. But, socio-technical systems need to adapt to changes of the external environment, making the need to deal with security a problem that has to be faced during all the systems’ life-cycle. We propose an iterative and incremental process to elicit security requirements and verify the socio-technical system’s compliance with such requirements throughout the systems’ life cycle

Preserving Compliance with Security Requirements in Socio-Technical Systems

Salnitri, Mattia;E. Paja;Giorgini, Paolo
2014-01-01

Abstract

Socio-technical systems are an interplay of social (humans and organizations) and technical components interacting with one another to achieve their objectives. Security is a central issue in such complex systems, and it cannot be tackled only through technical mechanisms: the encryption of sensitive data while being transmitted, does not assure that the receiver will not disclose them to unauthorized parties. Therefore, dealing with security in socio-technical systems requires an analysis: (i) from a social and organizational perspective, to elicit the objectives and security requirements of each component; (ii) from a procedural perspective, to define how the actors behave and interact with each other. But, socio-technical systems need to adapt to changes of the external environment, making the need to deal with security a problem that has to be faced during all the systems’ life-cycle. We propose an iterative and incremental process to elicit security requirements and verify the socio-technical system’s compliance with such requirements throughout the systems’ life cycle
2014
Cyber Security and Privacy - Third Cyber Security and Privacy EU Forum, CSP Forum 2014, Athens, Greece, May 21-22, 2014, Revised Selected Papers.
Germania
Springer
9783319125732
2-s2.0-84919941309
Salnitri, Mattia; Paja, E.; Giorgini, Paolo
File in questo prodotto:
File Dimensione Formato  
Preserving_Compliance_with_Security_Requirements_in_Socio-Technical_Systems_CSPForum14.pdf

Solo gestori archivio

Tipologia: Versione editoriale (Publisher’s layout)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.09 MB
Formato Adobe PDF
  Visualizza/Apri
1.09 MB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/101724
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? ND
social impact