Current security solutions concentrate more on providing security defenses than on resolving the causes of IS security problems. To help organizations build a complete security system suited to their own needs, and to move away from the previous passive mode of defense, this paper presents a security requirements engineering process (SREP) for eliciting an organization's security requirements. SREP is integrated with the system development process: it comprehensively analyzes and collects security requirements and uses a systematic approach to integrate them into the software engineering process. Through the nine stages of SREP, an organization can effectively defend against potential threats from inside or outside the organization, preventing problems before they occur.