%0 Journal Article
%T Asset Identification for Security Risk Assessment in Web Applications
%A Hisham M. Haddad
%A Brunil D. Romero
%J International Journal of Software Engineering
%D 2009
%I Software Engineering Competence Center (SECC)
%X As software applications become more complex they require more security, allowingthem to reach an appropriate level of quality to manage information,and therefore achieving business objectives. Web applications represent onesegment of software industry where security risk assessment is essential. Webengineering must address new challenges to provide new techniques and toolsthat guarantee high quality application development. This work focuses assetidentification, the initial step in security risk assessment for web applications.Risk assessment helps organizations determine security risks in informationmanagement systems. The formal approach to identifying information assets forrisk assessment is investigated using the MAGERIT methodology and EBIOSmethod. This work is carried out at Sim¨Žn Bolivar University (Venezuela) forits Student Opinion Survey Coordination web-based application. Under this research,a methodological tool for asset identification was developed to help theUniversity achieve security risk assessment. Assets are identified according totheir priorities in the organizational environment. This work contributes to WebEngineering in general, and to Information Security Management with emphasison security risk assessment.
%K Information Security
%K Methodologies
%K Asset Identification
%K Organization Management
%K Risk Assessment
%K Tools
%K Web Applications
%K Web Engineering
%U http://www.ijse.org.eg/Content/Vol2/No3/Vol2_No3_4.pdf