
Browsing by Author "Arogundade, Oluwasefunmi T."

    Article
    Citation - WoS: 5
    Citation - Scopus: 6
    Enhancing Misuse Cases With Risk Assessment for Safety Requirements
    (IEEE-Inst Electrical Electronics Engineers Inc, 2020) Arogundade, Oluwasefunmi T.; Misra, Sanjay; Abayomi-Alli, Olusola O.; Fernandez-Sanz, Luis
    Risk-driven requirements elicitation represents an approach that allows assignment of appropriate countermeasures for the protection of the Information System (IS) depending on the risk level. Elicitation of safety requirements based on risk analysis is essential for those IS which will run on the open and dynamic Internet platform. Traditionally, misuse cases are used to find the weak points of an IS but cannot differentiate between the weak points that can lead to lenient hazards and/or serious hazards. In this paper, we present an enhanced misuse case approach to support IS safety risk assessment at the early stages of the software process. We extensively examined and identified concepts which constitute a modelling technique for IS safety risk assessment and built a conceptual model for achieving IS safety risk assessment during the requirement analysis phase of the software process. The risk assessment process follows an approach of consequential analysis based on misuse cases for safety hazard identification and qualitative risk measurement. The safety requirements are elicited according to the results of the risk assessment. A medical IS is used as a case study to validate the proposed model.
    Article
    Citation - WoS: 22
    Citation - Scopus: 33
    An Ontology-Based Security Risk Management Model for Information Systems
    (Springer Heidelberg, 2020) Arogundade, Oluwasefunmi T.; Abayomi-Alli, Adebayo; Misra, Sanjay
    Security risk management is a knowledge-intensive procedure that requires monitoring and capturing relevant information that can assist in making the right decision by managers. In this paper, a semantically enhanced model for security management during the information system lifetime is proposed. The model supports the continuous collection of identified threat behaviours from the intrusion detection system, filtering and analysis of the threats within a time snapshot and re-appraiser of IS security countermeasures which involves the security administrator (S-Admin), managers, IS and security management system as stakeholders. The probe agent categorizes the security threats identified by the IDS using the developed ontology-driven knowledge base, while the likelihood of threats occurring in real time was obtained using long-term frequency probability. The case-based reasoning paradigm is employed for the security solution reasoning of identified threat risk. The suggested security solutions are based on CASE base built on existing threat ontology. The re-appraiser is based on the success likelihood of potential ongoing threats. The system facilitates management decision with regard to security control selection so that they can have a maximum Return on Security Investment. The proposed Collect-Probe-Analyse-Reason-Reappraise model is illustrated using an e-banking system.