Organizations in this digital era use automated information technology systems to process their information in support of their missions. Web applications (WA) offer services for business processes that involve handling information valuable to the organization. Their requirements have become more complex in order to guarantee information security. Security risk assessment (SRA) plays a critical role in protecting an organization's information assets. The main question is how best to determine what needs to be protected. This research draws on Simon's pattern, specifically the intelligence phase, which is used to: (a) examine and monitor the reality of SRA in WA, and (b) identify and define essential problems in determining vulnerabilities and their consequences. This study establishes the basis for constructing an authentic problem pattern and for how it can be addressed.