Discovering “unknown known” security requirements
- Submitting institution
- The University of Lancaster
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 154337920
- Type
- E - Conference contribution
- DOI
- 10.1145/2884781.2884785
- Title of conference / published proceedings
- ICSE '16 Proceedings of the 38th International Conference on Software Engineering Austin, TX, May 14 - 22, 2016
- First page
- 866
- Volume
- -
- Issue
- -
- ISSN
- -
- Open access status
- -
- Month of publication
- May
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
- 5
- Research group(s)
- I - Security
- Citation count
- 4
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- The method proposed in the paper was evaluated through an extensive analysis of major data exfiltration incidents. The results formed part of a report prepared for the CPNI (Centre for Protection of National Infrastructure) iDATA programme, which was disseminated through briefings to over 200 government and industry figures. The approach was applied to identify gaps in the widely used Top 20 Critical Security Controls (Version 5.0) and recommendations were made to the Council for Cyber Security to revise the controls. Version 6.0 of the controls reflects a number of our recommendations (some verbatim).
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -