Validating cyber security requirements: a case study
Under the program, all providers are required to be accredited by the Department as being able to deliver — and continue to deliver — services in a manner that meets various conditions.
One condition (defined in item 32 in the jobactive deed) relates to the protection of data entrusted to the provider by the Department in order to deliver these services, effectively extending many of the Australian Government security requirements that apply to the Department through to these providers.
Security is a quality attribute which interacts heavily with other such attributes, including availability, safety, and robustness.
It is the sum of all of the attributes of an information system or product which contribute towards ensuring that the processing, storing, and communicating of information sufficiently protects confidentiality, integrity, and authenticity.
The Australian Government’s jobactive program, directed by the Department of Employment (‘the Department’), is an Australia-wide initiative aimed at getting more Australians working.
Through the program, jobseekers are both aided in getting prepared for work (or back to work) and connected with employers through a network of Employment Services Providers (‘providers’).
It was also a challenge to change the focus of web application testing from penetration testing to testing integrated in the software development life cycle.
Our experiences from embedded security in critical IT systems show that security is only successful with a systematic understanding and handling of security requirements and their interaction with functional requirements. Four requirements engineering-related levers for achieving security are addressed: security requirements elicitation, security analysis, security design, and security validation. We will show for each of these levers how security is analyzed and implemented.