Security Requirements Engineering

Fabiano Dalpiaz, Elda Paja and Paolo Giorgini

Published by

MIT Press





Reviewed by

Anthony Sutcliffe MSc CCI, MBCS


5 out of 10

Security has always been a key element of good software design and construction; but as this book highlights, with the increasing growth in the number of data breaches over the last few decades, it has become even more important.

The authors of this book propose a new method of analysing the security requirements by viewing them in the form of a socio-technical system, with a modelling process to convert the requirements elicited into the necessary code, in order to produce a more secure product.

Although the authors suggest that the book might be of value to practitioners within the programming field, it is clear from the structure and language used within the text, that it is intended primarily to be used as a course book within an academic setting; although it is not clear at what level of education this is aimed. There are many review questions and examples throughout the book, which would be appropriate for a classroom situation, and the arrangement of the material would be suitable for a number of teaching schedules.

The book also makes use of considerable referencing; and at times, this can be very annoying, particularly when it is necessary to follow up on the material listed in the bibliography, in order to get insight into the concepts behind their views. In a number of cases there is a lack of explanation or justification for the points put forward apart from the reference points, and this detracts from the value of their arguments.

Within the text, there are a number of detailed examples of how a process might be developed and analysed for the appropriate functionality. At times, this is really useful; but I did notice a few items where I felt that they should perhaps have looked a little more deeply into the process to provide more granularity into the procedure, and the necessary security requirements. I had the definite impression that the authors expected the gaps in the material to be filled in by a tutor, rather than by self-directed learning.

Overall, although the book offers some useful information and valuable insight into this important topic, I didn’t feel that it provides as much detail as might be required, and it is not in a format that would make it the best resource for individual learning. However, it might well be of some value as a primer for a starter course within programming.

Further information: MIT Press

November 2016