Search CORE

4 research outputs found

Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the

Author: Allied Irish Bank
Allied Irish Bank
Fabio Massacci
Fabio Massacci
John Rusnak
Nicola Zannone
Nicola Zannone
The
Publication venue
Publication date
Field of study

The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the policies and security mechanisms they supports. In con-trast, attackers move around such security measures by exploiting weaknesses of the orga-nization as a whole. Many weaknesses are due to the presence of conflicts in functional and security requirements at organizational level. In this paper we show how the Secure Tropos requirements engineering methodology can be used to model such conflicts in a concrete case study: the fraud at Allied Irish Bank. In particular, the paper analyzes the vulnerabilities affecting the organization and information system of Allied Irish Bank and its subsidiary First Maryland Bancorp, that were exploited by a currency trader in order to fraudulently cover $700 million losses.

CiteSeerX

Detecting Conflicts between Functional and Security Requirements with Secure Tropos: John Rusnak and the Allied Irish Bank

Author: Allied Irish Bank
Fabio Massacci
Nicola Zannone
Publication venue
Publication date
Field of study

The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the policies and security mechanisms they support. In contrast, attackers bypass such security measures by exploiting weaknesses of the socio-technical system as a whole. Many weaknesses are due to the presence of conflicts in functional and security requirements at organizational level. In this paper we show how the Secure Tropos requirements engineering methodology can be used to model such conflicts in a concrete case study: the fraud at Allied Irish Bank. In particular, the paper analyzes the vulnerabilities a#ecting the organization and information system of Allied Irish Bank and its subsidiary First Maryland Bancorp, that were exploited by a currency trader in order to fraudulently cover $700 million losses

CiteSeerX

Prospect Theory predictions in the field: Risk seekers in settings of weak accounting controls

Author: Abdel-khalik
Ahmed
Ahmed
Allais
Allied Irish Bank
Alloway
Aloisi
Barberis
Barings Debacle
Burne
Burton
Caminada
Coates
Commodity and Futures Trading Commission
Commodity Futures Trading Commission
Commodity Futures Trading Commission
Edwards
Iguchi
International Monetary Fund
JP Morgan Chase
Kahneman
Kaminska
Laurent
Lewis
Marthinsen
Mather
McGee
Melendez
Mello
Nasar
Nash
National Post
Norris
O’Brien
Partnoy
Pasternak
Pekarek
President Working Group on Financial Markets
Ruhle
Schneider
Schwartz
Securities and Exchange Commission
Securities and Exchange Commission
Securities and Exchange Commission
Shefrin
Shirbon
Skyrm
Smith
Sorkin
The United States District Court
The United States District Court for the District of Maryland
The United States District Court Southern District of New York
The United States Senate
Tversky
Verabeek
Wachman
Walker
Wearden
Wheatley
Zuckerman
Zuckerman
Publication venue: 'Elsevier BV'
Publication date
Field of study

Crossref