In this paper we aim to fill these gaps by presenting a comprehensive pattern-driven security methodology – arrived at by applying a previously devised approach to engineering security methodologies – specifically designed for general distributed systems, which is also capable of taking into account the specifics of peer-to-peer systems as needed.
While the literature does present several mature pattern-driven security methodologies with either a general or a highly specific system applicability, there are currently no (pattern-driven) security methodologies specifically designed for general distributed systems.
There are a number of such methodologies in the literature, but no single security methodology is adequate for every situation, requiring the construction of "fit-to-purpose" methodologies or the tailoring of existing methodologies to the project specifics at hand.
Recognizing the need for a more accurate and an equally agile security methodology, ShiftLeft has built a solution purpose-built to operationalize security for the new, highly agile cloud applications," Salem said in a statement.
Models and methodologies: As presented previously, the existing methodologies for security testing contain several variations in their characteristics, objectives, and procedures; however, those methodologies also have limitations regarding target scenarios since they are tailored to serve distinct purposes.
This entails the possible creation of a knowledge and research center for security, stability, and protection methodology.
OSSTMM is an international standard methodology for security testing, maintained by ISECOM Institute for Securityy and Open Methodologies).
This paper proposes a methodology for security requirement elicitation based on problem frames.
Here is an outline of the top methodologies used for security foresight, and the strengths and weaknesses of each.
Mainly influenced by the security assessment guidelines issued by, for example, the American Petroleum Institute (API, 2003), most of the methodologies developed for security risk assessment in hazardous industries have been based on the scoring of security risk parameters sequentially and largely independently of each other.
