NDLI: A Methodological Tool for Asset Identification in Web Applications: Security Risk Assessment

Content Provider	IEEE Xplore Digital Library
Author	Romero M, B.D. Haddad, H.M. Molero A, J.E.
Copyright Year	2009
Abstract	Security risk assessment in Web Engineering is an emerging discipline, where security is given a special attention, allowing software engineers to develop high quality and secure Web-based applications. A preliminary study revealed that asset identification (and evaluation) is an essential phase in risk assessment practices. This phase represents a degree of complexity and is the primary activity in the assessment process. This work focuses on asset identification and contributes to security risk assessment, which is essential part of software security. Specifically, the research goal is to design a methodological tool (instrument) for asset identification in web applications for the purpose of risk assessment. The proposed tool helps identify assets with security risks in web applications. The tool involves direct observations and survey questionnaires as data collection techniques used for this work. The research methodology is based on qualitative and quantitative analysis of a case study that focused on web-based application for Student Opinion Survey Coordination (EOE) developed in Simón Bolívar University, Venezuela. The data analysis required the use of cross-case analysis supported by the software application MAXQDA2007, which helps identify assets according to categories, such as Environment, Software, Hardware, Information and Networks. Under this work, students, faculty, staff, and software developers at Simón Bolívar University have participated in this study.
Starting Page	413
Ending Page	418
File Size	392610
Page Count	6
File Format	PDF
ISBN	9781424447794
DOI	10.1109/ICSEA.2009.66
Language	English
Publisher	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher Date	2009-09-20
Publisher Place	Portugal
Access Restriction	Subscribed
Rights Holder	Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subject Keyword	Risk management Application software Computer security Information security Data security Instruments Data analysis Information analysis Hardware Software engineering Web Engineering Computer Security Risks Assessment Web Applications
Content Type	Text
Resource Type	Article

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in