Extended eTVRA vs. security checklist: Experiences in a value-web

  title={Extended eTVRA vs. security checklist: Experiences in a value-web},
  author={Ayse Morali and Emmanuele Zambon and Siv Hilde Houmb and Karin Sallhammar and Sandro Etalle},
  journal={2009 31st International Conference on Software Engineering - Companion Volume},
Security evaluation according to ISO 15408 (Common Criteria) is a resource and time demanding activity, as well as being costly. For this reason, only few companies take their products through a Common Criteria evaluation. To support security evaluation, the European Telecommunications Standards Institute (ETSI) has developed a threat, vulnerability, risk analysis (eTVRA) method for the Telecommunication (Telco) domain. eTVRA builds on the security risk management methodology CORAS and is… CONTINUE READING


Publications referenced by this paper.

Common Criteria For Information Technology Security Evaluation: Protection Profile Smart Card Integrated Circuit With Embedded Software

  • F.C.B. Certificat
  • 1999
Highly Influential
9 Excerpts

Systematic Reuse of Experience in Security Requirements Elicitation

  • K. Schneider, S. Houmb, J. Jürjens, J. Rossebø
  • Technical report, ETSI,
  • 2008
Highly Influential
4 Excerpts

Similar Papers

Loading similar papers…