An architectural blueprint and a software development process for security-critical lifelong systems

The SecureChange security engineering process is revolutionary in the respect that it is fully change driven. The view of existing security engineering processes as sequences of actions (e.g. risk analysis and requirements elicitation) performed on the whole system has been replaced by the view of change events causing change propagation and state changes in the security engineering artefacts. This change of paradigm provides for the first time a systematic way of handling changes based on dependencies between artefacts. Beyond that the SecureChange process incorporates concepts for the collaboration of different stakeholders in security engineering, ranging from the IT manager and requirements engineer to the security architect and system administrator. The goal of this collaborative approach is to support continuous security management and to achieve an adequate level of security at any time in the software lifecycle.

Read more in the D2.1 - An architectural blueprint and a software development process for security-critical lifelong systems deliverable.