Existing security engineering or change management processes (e.g., SDL, ITIL Change Management) are able to identify the major activities and artefacts of security or change management, and catalogue the vulnerabilities and safeguards of the system. However, process steps have to be performed in a fixed sequence on the whole system and its artefacts, and usually the analysis of change effects is not supported. To overcome these limitations in SecureChange a change-driven security engineering process is developed.
The following figure summarizes the actors and artefacts of the SecureChange process.
The main characteristics of the SecureChange process are the following.
An architectural blueprint and a software development process for security-critical lifelong systemsSubmitted by BME on Tue, 2010-02-16 10:44
The SecureChange security engineering process is revolutionary in the respect that it is fully change driven. The view of existing security engineering processes as sequences of actions (e.g. risk analysis and requirements elicitation) performed on the whole system has been replaced by the view of change events causing change propagation and state changes in the security engineering artefacts. This change of paradigm provides for the first time a systematic way of handling changes based on dependencies between artefacts. Beyond that the SecureChange process incorporates concepts for the collaboration of different stakeholders in security engineering, ranging from the IT manager and requirements engineer to the security architect and system administrator. The goal of this collaborative approach is to support continuous security management and to achieve an adequate level of security at any time in the software lifecycle.
Read more in the D2.1 - An architectural blueprint and a software development process for security-critical lifelong systems deliverable.