12 research outputs found

    A systematic review of Information security knowledge-sharing research

    It is crucial for knowledge to be shared in the information security domain. In effect, sharing ensures that knowledge and skills are propagated through the organisation. Here, we report on a systematic literature review we carried out to gain insight into the literature related to information security knowledge sharing within organisations. The literature highlights the importance of security knowledge sharing in terms of enhancing organisational security awareness, and identifies gaps that can be addressed by researchers in the area

    A 3-Dimensional relevance model for collaborative software engineering spaces

    Today's large software projects are often characterised by distributed environments with numerous developers separated in space and/or time. This separation means that the common understanding and tacit knowledge that is a feature of closely colocated project teams is very hard to come by. As a consequence, relatively simple tasks such as identifying functionally related modules or finding individuals who are experts in aspects of the system become more challenging and time-consuming. This paper presents a Continuum of Relevance Index (CRI) model that uses information gathered from developer IDE interactions to generate orderings of relevant tasks, project artefacts and developers. A case study is used to demonstrate how the model can be used to attain a shared knowledge and common understanding of the extent to which tasks, artefacts and developers are relevant in a group development work context

    Enabling hazard identification from requirements and reuse-oriented HAZOP analysis

    The capability to identify potential system hazards and operability problems, and to recommend appropriate mitigation mechanisms is vital to the development of safety critical embedded systems. Hazard and Operability (HAZOP) analysis which is mostly used to achieve these objectives is a complex and largely human-centred process, and increased tool support could reduce costs and improve quality. This work presents a framework and tool prototype that facilitates the early identification of potential system hazards from requirements and the reuse of previous experience for conducting HAZOP. The results from the preliminary evaluation of the tool suggest its potential viability for application in real industrial context

    Using ontologies and machine learning for hazard identification and safety analysis

    Safety analysis (SA) procedures, such as hazard and operability analysis (HazOp) and failure mode and effect analysis (FMEA), are generally regarded as repetitious, time consuming, costly and require a lot of human involvement. Previous efforts have targeted automated support for SA at the design stage of system development. However, studies have shown that the cost of correcting a safety error is much higher when done at the later stages than the early stages of system development. Hence, relative to previous approaches, this chapter presents an approach for hazard identification (HazId) based on requirements and reuse-oriented safety analysis. The approach offers a convenient starting point for the identification of potential system safety concerns from the RE phase of development. It ensures that knowledge contained in both the requirements document and previously documented HazOp projects can be leveraged in order to attain a reduction in the cost of SA by using established technologies such as ontology, case-based reasoning (CBR), and natural language processing (NLP). The approach is supported by a prototype tool, which was assessed by conducting a preliminary evaluation. The results indicate that the approach enables reuse of experience in conducting safety analysis, provides a sound basis for early identification of system hazards when used with a good domain ontology and is potentially suitable for application in practice by experts

    Use case to source code traceability: the developer navigation view point

    Requirements traceability is a challenge for modern software projects where task dependencies and technical expertise are spread across system developers, abstract model representations such as use cases, and a myriad of code artefacts. This paper presents an approach that monitors the navigation trails left by developers when building code artefacts to realise project use cases. These trails are analysed to generate a relevance ranking of entities that constitute a traceability link between use cases and code artefacts and the developers responsible for them. Investigation in a software development scenario shows that a range of use case traceability questions can be answered through visualisations which present ordered relevance lists of the entities associated with use cases and by the use of trace graphs where the size of nodes shows the importance, or 'information centrality' of system entities