Geofencing Components and Existing Models

This paper describes the various Geofencing Components and Existing Models in terms of their Information Security Control Attribute Profiles. The profiles will dictate the security attributes that should accompany each and every Geofencing Model used for Wi-Fi network security control in an organization, thus minimizing the likelihood of malfunctioning security controls. Although it is up to an organization to investigate the best way of implementing information security for itself, by looking at the related models that have been used in the past this paper will present models commonly used to implement information security controls in the organizations. Our findings will highlight the strengths and weaknesses of the various models and present what our experiment and prototype consider as a robust Geofencing Security Model for securing Wi-Fi Networks

Enhancing Security Requirements Engineering by Organisational Learning

More and more software projects today are security-related in one way or the other. Requirements engineers often fail to recognise indicators for security problems which is a major source of security problems in practice. Identifying security-relevant requirements is labour-intensive and errorprone. In order to facilitate the security requirements elicitation process, we present an approach supporting organisational learning on security requirements by establishing company-wide experience resources, and a socio-technical network to benefit from them. The approach is based on modelling the flow of requirements and related experiences. Based on those models, we enable people to exchange experiences about security-requirements while they write and discuss project requirements. At the same time, the approach enables participating stakeholders to learn while they write requirements. This can increase security awareness and facilitate learning on both individual and organisational levels. As a basis for our approach, we introduce heuristic assistant tools which support reuse of existing security-related experiences. In particular, they include Bayesian classifiers which issue a warning automatically when new requirements seem to be security-relevant. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. We show how the ability to identify security-relevant requirements can be improved using this approach. We illustrate our approach by providing a step-by-step example of how we improved the security requirements engineering process at the European Telecommunications Standards Institute (ETSI) and report on experiences made in this application.