Kristian Beckers

Several privacy requirements engineering approaches exist, which differ in notions and terminology. We extended a conceptual framework originally designed to compare security requirements engineering approaches with concepts and notions used in privacy requirements engineering. Furthermore, we apply our conceptual framework to compare and evaluate current …
Assembling an information security management system (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover, the …
The released ISO 26262 standard requires a hazard analysis and risk assessment for automotive systems to determine the necessary safety measures to be implemented for a certain feature. In this paper, we present a structured and model-based hazard analysis and risk assessment method for automotive systems. The hazard analysis and risk assessment are based …
Social engineering is the acquisition of information about computer systems through non-technical means. While technical security of most critical systems is high, these systems remain vulnerable to attacks from social engineers. Social engineering is a technique that: (a) does not require any (advanced) technical tools, (b) can be used by anyone, (c) is …
The released ISO 26262 standard for automotive systems requires breaking down safety goals from the hazard analysis and risk assessment into functional safety requirements in the functional safety concept. It has to be justified that the defined functional safety requirements are suitable to achieve the stated safety goals. In this paper, we present a …
Considering legal aspects during software development is a challenging problem, due to the cross-disciplinary expertise required. The problem is even more complex for cloud computing systems, because of the international distribution, huge amounts of processed data, and a large number of stakeholders that own or process the data. Approaches exist to deal …