The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Electronic protected health information is a priority among politicians and healthcare providers alike. Under the current circumstances with increased data breaches and their associated costs ensuring information security is essential for the success of healthcare providers. This paper presents a detailed case study of a major hospital in the NY/NJ metropolitan area demonstrating the complexity of...
This paper presents an empirical analysis of security and user experience issues in cloud computing. The study is based on the assumption that superior user experience and user-centric security are the two crucial issues that help to build an overall experience for the cloud service user. Qualitative research analysis is used to collect perspectives of eleven experts from Finnish Cloud Software Program...
There are several sudden failures in Chinese civil aviation departure information system. Emergency treatment and rapid recovery for the system have important significance for efficient operation of civil aviation. Based on several pairs of fault analysis for the departure information system, the network devices and host system's security response disposal plan and the computer virus emergency response...
Books and articles frequently exhort developers to build secure software by designing security in. A few large companies (most notably Microsoft) have completely reengineered their development process to include a focus on security. However, for all except the largest vendors, software security (or software assurance) is a relatively recent phenomenon, and one with an uncertain payoff. In this paper,...
The transformation from products to services is a current tendency in software companies. While companies expect services to increase their revenue and competitive advantage, the shift is reported to cause challenges. To study a transformation, a case study was performed at F-Secure. As a result, a set of success factors and challenges related to utilizing Software as a Service model over time are...
The open source paradigm is giving rise to new methodologies, competences and processes that need to be investigated both from the technical and the organizational point of view. Many organizations are investigating the possibility to adopt open source software or migrate their systems to open frameworks also in critical environments. In this paper, we shows how the assurance has been elevated as...
Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect...
Code reviews with static analysis tools are today recommended by several security development processes. Developers are expected to use the tools' output to detect the security threats they themselves have introduced in the source code. This approach assumes that all developers can correctly identify a warning from a static analysis tool (SAT) as a security threat that needs to be corrected. We have...
As e-Business and e-Commerce applications are increasingly exposed to a variety of information security threats, corporate decision makers are increasingly forced to pay attention to security issues. Risk management provides an effective approach for measuring the security but existing risk management approaches come with major shortcomings such as the demand for very detailed knowledge about the...
This article is quite different from other articles published in basic training; rather than focus on a specific security-related technology, I want to focus on another important topic: how to be more effective as a security person.
This paper presents a discussion of educational case studies used in security requirements assessment and requirements prioritization. Related to this, it introduces risk understanding as an added dimension to the requirements prioritization process. It should be self-evident that the final product should incorporate the requirements with the greatest value. Nevertheless, in a time when security is...
This paper describes an undergraduate course in software engineering which introduces students to a range of approaches to developing software. This course is a required course in the Computer Science major. Special emphasis is given to PSP, CMMI, agile processes, and Open Source software development. Students work on a team project which involves developing a software process for a pretend company...
As the software industry continues to mature, software companies are realizing that they must dedicate more resources to quality assurance (QA) processes. But even though security testing as part of an overall QA process for products shipped to customers is starting to gain acceptance in the software industry as a necessity, the majority of software vendors pay little to no attention to the security...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.