@inproceedings{c0ecc313d9134b3882598c9200934e58,
title = "Security triage: A report of a lean security requirements methodology for cost-effective security analysis",
abstract = "{\textcopyright} 2014 IEEE.Poste Italiane is a large corporation offering integrated services in banking and savings, postal services, and mobile communication. Every year, it receives thousands of change requests for its ICT services. Applying to each and every request a security assessment 'by the book'is simply not possible. We report the experience by Poste Italiane of a lean methodology to identify security requirements that can be inserted in the production cycle of a normal company. The process is based on surveying the overall IT architectures (Security Survey) and then a lean dynamic process (Security Triage) to evaluate individual change requests, so that important changes get the attention they need, minor changes can be quickly implemented, and compliance and security obligations are met.",
author = "M. Giacalone and R. Mammoliti and F. Massacci and F. Paci and R. Perugino and C. Selli",
year = "2014",
month = sep,
day = "3",
doi = "10.1109/EmpiRE.2014.6890112",
language = "English",
isbn = "9781479963379",
series = "2014 IEEE 4th International Workshop on Empirical Requirements Engineering, EmpiRE 2014 - Proceedings",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "25--27",
booktitle = "2014 IEEE 4th International Workshop on Empirical Requirements Engineering, EmpiRE 2014 - Proceedings",
address = "United States",
note = "2014 IEEE 4th International Workshop on Empirical Requirements Engineering, EmpiRE 2014 ; Conference date: 25-08-2014",
}