0% found this document useful (0 votes)
78 views6 pages

A Design For Comprehensive Information System Management Framework Integrating Secure Software Development Resource Management and Real-Time Monitoring

Uploaded by

yudhiwb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
78 views6 pages

A Design For Comprehensive Information System Management Framework Integrating Secure Software Development Resource Management and Real-Time Monitoring

Uploaded by

yudhiwb
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

A Design For Comprehensive Information System


Management Framework Integrating Secure
Software Development, Resource Management, and
Real-Time Monitoring
2024 7th International Conference on Informatics and Computational Sciences (ICICoS) | 979-8-3503-7588-6/24/$31.00 ©2024 IEEE | DOI: 10.1109/ICICoS62600.2024.10636894

Herlambang Rafli Wicaksono Ihsan Fadli Tampati Nathanael Berliano Novanka Putra
Politeknik Siber and Sandi Negara Politeknik Siber and Sandi Negara Politeknik Siber and Sandi Negara
Bogor, Indonesia Bogor, Indonesia Bogor, Indonesia
[email protected] [email protected] [email protected]

Hermawan Setiawan Dimas Rifqi Firmansyah


Politeknik Siber and Sandi Negara Politeknik Siber and Sandi Negara
Bogor, Indonesia Bogor, Indonesia
[email protected] [email protected]

Abstract—This paper proposes a holistic framework for the from [5], several websites from various organizations
development, management, and monitoring of secure web worldwide have been successfully breached by hackers,
information systems. Emphasizing a secure software resulting in data leaks. Data breaches can have significant
development life cycle (SDLC), resource management, and real- impacts on the continuity of companies or organizations.
time monitoring, the framework aims to standardize and Companies or organizations that have experienced data
enhance the process of web application development while breaches are likely to lose customers due to a decrease in
prioritizing security at every phase. The framework customer trust or may not operate optimally due to financial
incorporates threat modeling during planning and design, losses [6], [7], [8]. Additionally, as the scale of an organization
security guidelines during implementation, and continuous
grows, it becomes increasingly difficult to manage tasks and
vulnerability scanning. Additionally, it integrates resource
management to ensure effective allocation of human, hardware,
monitor the organization's website. Therefore, concrete
and software resources. Tools are employed for real-time solutions are needed to address the organization's
monitoring, providing usage insights that inform managerial cybersecurity issues, organizational task management, and
decisions. The proposed framework strives to create a website monitoring.
comprehensive approach to web application development that is This research proposes a comprehensive framework for
both secure and well-managed. The implementation results integrating the information system development,
demonstrate the proposed framework's effectiveness in
management, and monitoring processes into a cohesive
simplifying development, optimizing resources, and enhancing
process to minimize cyberattacks, facilitate organizational
security for web applications. Furthermore, compared to the
secure software development lifecycle (SSDLC) framework, it task management, and intensify organizational monitoring.
offers advantages in resource management and real-time The proposed framework will be implemented in the website
monitoring, rendering it more comprehensive. development process using the Secure Software Development
Lifecycle (SSDLC) agile methodology, organizational task
Keywords—Information System, Information System management using Notion, and digital resource monitoring
Management, Development, Resource Management, using CloudFlare real-time monitoring.
Monitoring
II. LITERATURE REVIEW
I. INTRODUCTION Some work has been done to research Software
As time progresses, technologies continue to advance Development Life Cycle (SDLC) as a structured framework
rapidly. The rapid development of technology drives utilized by organizations to guide the development process of
companies or organizations to integrate their services with an application from the beginning to the end of its life cycle
technology to enhance service quality, organizational [9], [10], [11], [12], [13], [14], [15], [16], [17]. The aim of the
productivity, and organizational agility [1], [2]. One of the software development environment is to efficiently deliver
technologies commonly used to integrate services is a website. functional products within a short timeframe and with
Based on data from "google it" [3], the use of websites is minimal resources. Various software development
crucial because 86% of people rely on the internet, and 46% methodologies exist, all of which generally encompass
of people prefer to search for information through the internet. activities such as requirement identification, architectural
Therefore, organizations need to introduce their services design, implementation, testing, deployment, and
through the internet using a website. maintenance. But, in such cases, important aspects like
software quality and security often receive little to no attention
However, a recent report from SiteCheck [4] indicates that and the significant value that projects could offer is frequently
there are 628,085 websites identified as 'infected sites' out of overlooked [18].
a total of 54,743,804 websites examined as of mid-2023. The
category of 'infected sites' can arise due to various conditions, To ensure security, implementation of the enhanced
but typically result from hackers exploiting vulnerabilities in version of the SDLC that integrates various security measures
websites to obtain valuable information such as credit card or practices. These may include security specification
information, SEO, traffic, etc. Furthermore, according to data languages, security requirements engineering processes,

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
979-8-3503-7588-6/24/$31.00 ©2024 IEEE 209
2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

secure design specifications, sets of secure design guidelines,


secure design patterns, secure coding standards, and software
security assurance methods such as penetration testing, static
analysis for security, and code reviews for security [9].
Implementing Secure SDLC is crucial not only for achieving
robustness but also for its broader significance in terms of
benefits for customers, users, developers, and software
solution providers. These benefits include cost reduction,
decreased development time spent on error resolution,
avoidance of security audit repetitions, and more [18].
Continuous Integration (CI) and Continuous Development
(CD) have emerged as widely recognized methodologies
DevOps aimed at expediting the delivery of new
functionalities. This is accomplished by automating the testing
and deployment of software updates, often multiple times Fig. 1. Proposed Framework Overview
daily. These ongoing practices are anticipated to yield
numerous advantages, including facilitating more immediate management covers the monitoring of the deployed system
and extensive feedback from both the software development and resource management. Resources used to develop the
process and customers, enhancing customer satisfaction and system are managed using resource management.
product quality, bolstering the collaboration between
development and operations teams and streamlining manual A. Software Development Life Cycle (SDLC)
task through CD [19], [20]. An increasing number of real- Various development, operational and security practices
world examples demonstrate the integration of continuous should be implemented in the SDLC model used, including
practices into software development across various industries but not limited to:
and organizational scales [19], [21], [22].
1) Threat Modeling in Planning and Design: Planning
Cloud computing has emerged as a transformative and designing phase in an SDLC model usually produces a
computing model, reshaping the virtualization and utilization detailed blueprint of how an information system is going to
of computing infrastructure [23]. It provides convenient
be built. Planning will include describing the functional and
access to vast pools of resources, including processing power,
storage, and networking, without requiring significant capital non functional requirements of the information system. The
investment and with modest operating costs that align with involved parties such as the owner and analyst should
actual usage. Cloud computing offers immediate access to describe the security requirement as well to make sure the
cost-effective hardware and software platforms, featuring application is planned to be secure from the beginning.
elasticity, pay-per-use, low initial investment, and rapid time Designing will provide detailed documentation of how the
to market. Consequently, there has been a surge in the system is going to work including its architecture and
deployment of business-critical applications on various cloud components. The documentation shall be used to create a
platforms, necessitating robust monitoring and benchmarking threat modeling using various available methods such as
mechanisms to ensure real-time Quality of Services (QoS) attack tree, DREAD and STRIDE. Risk mitigation can be
[24]. QoS considerations are increasingly vital across all
enhanced by aligning threat modeling to planning and
service monitoring types, particularly in Web-Service-based
Real-Time content monitoring, which spans diverse designing phases because it facilitates the identification and
application domains involving text, video, audio, and image analysis of potential threats. Threat modeling techniques
requests from users [25]. Various frameworks, such as produce visual and comprehensive insights to the
CloudFlare, Akamai, StackPath, KeyCDN, and Sucuri vulnerabilities of the system thus providing better
facilitate Web-Service-based-Real-Time monitoring. understanding of the action needed to prevent such
vulnerabilities reaching up production level. This approach
III. PROPOSED FRAMEWORK also forms the mindset of the developers ro always be
This framework includes the development, securing, and conscious of the security aspect when developing the system.
management of information systems. The overview of this Thread modeling implementation also allows the developer
framework is shown in Fig. 1. to create countermeasures for the upcoming potential threats.
The development part of the system is managed using 2) Secure Coding Guidelines in Implementation:
SDLC to ensure the structure and stability of its processes to
Implementing blueprints produced in the design phase
be good. The choice of SDLC model used is up to the
authorities, as long as it contains the essential phases to usually done by developers by coding the software.
implement the security practices. Various security practices Developers can make mistakes or implement the code in a
are implemented to the SDLC to cover the securing part of the different manner from the provided blueprints. The
framework, including thread modelling, secure coding, and inconsistency between the phases can produce other potential
vulnerability scanning. Additional security practices can be vulnerabilities that have been eliminated or handled in
inserted to increase the security ensurement of the system. previous phases. Bad coding practice that does not follow
Continuous Integration and Continuous Deployment (CI CD) existing convention, best practice, or rules can cause the
are employed to make the process automated and decrease or resulting system to be hard to maintain, unstable, and not
even annihilate human error. CI CD can also be integrated to secure.
automatically scan or test the system before delivery. System

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
210
2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

In order to make sure that the system blueprints are reliable codebase. Additionally, CI/CD fosters a collaborative
implemented properly, one should choose at least one of the environment, as teams work cohesively, integrating changes
available secure coding guidelines. The choosing of regularly and resolving issues promptly. Lastly, the
guidelines to be used is also up to the authorities, adjusting the consistency and automation provided by CI/CD ensure a
SDLC model being used for developing. Secure coding standardized deployment process, increasing overall
principles should be well-implemented in the process of efficiency and productivity.
coding the system. Sanitizing input, encoding output,
parameterizing query, and much more security related best- B. Resource Management
practice must be deeply understanded by the developers. Resource management is a critical aspect of organizational
Common vulnerabilities such as SQL injection and Cross Site operations that involves the efficient allocation and utilization
Scripting (XSS) should be well mitigated by applying the best- of various resources, including human resources (man),
practices available. Automated testing or checking can also be financial resources (money), physical resources (machine),
implemented to minimize the daily effort and human error. and temporal resources (time). The purpose of resource
management is to ensure that these resources are utilized
3) Vulnerability Assessment before Delivery: effectively to support the organization's objectives, maximize
Vulnerability Assessment (VA) is a process of scanning a productivity, and achieve optimal outcomes.
system for its potential and/or suspected vulnerabilities and
Effective resource management involves identifying the
assessing them as consideration for action taken. VA is aimed
necessary resources and allocating them appropriately to meet
to find all potential and/or suspected holes in terms of the project's needs. Additionally, resource management
security. This action will help to identify and address the involves careful planning and scheduling to ensure that
exact location of security weakness. resources are available when needed and are utilized
Before the delivery phase of the SDLC, VA should be efficiently. Furthermore, resource management also
implemented to identify and address potential vulnerabilities encompasses the assignment of tasks and responsibilities to
in the system. The VA methodology used can be adjusted to individuals within the organization. Similarly, managing
the SDLC model implemented. For example, passive testing financial resources involves budgeting, tracking expenditures,
can and should be used in the Waterfall SDLC because of its and ensuring that funds are allocated in a manner that aligns
detailed and linear structured phases. On the other hand, Agile with organizational priorities. Finally, managing physical
SDLC can be improved using active testing specifically using resources such as machinery and equipment involves
automated services for more time efficiency and simplicity. maintenance scheduling, asset tracking, and ensuring that
4) Continuous Integration and Continuous Delivery: these resources are utilized effectively to support
organizational activities.
Continuous Integration (CI) ensures that developers
frequently merge their code changes into a shared repository, C. Integration of Real-time System Monitoring
triggering automated tests to identify integration issues early Monitoring is an essential part of any management,
in the development cycle. Continuous Delivery (CD) extends including information system management. This activity
CI by automating the deployment process, allowing includes the continuous observation and analysis of various
successfully tested code changes to move seamlessly through aspects of an information system, such as its performance,
staging environments to production. By utilizing the GitHub security, and availability. Done by employing specialized
Actions feature, developers can configure automated testing tools and processes, system monitoring aims to ensure the
upon any changes as shown in Fig. 2. Upon successful optimal functioning of the system by detecting and addressing
issues promptly. By actively monitoring indicators, managers
testing, the system can automatically trigger deployment to
can make informed decisions, allocate resources effectively,
the server. The deployment process requires credentials for and enhance efficiency and resilience.
the SSH server, which are stored in GitHub environment
variables. IV. IMPLEMENTATION EXAMPLE
The implementation of CI/CD practices offers several In this example we will manage the development,
benefits to software development teams. Firstly, it accelerates resource, and monitoring of a laboratory management
time-to-market by enabling faster integration and deployment software. The first part is the software development, in which
of new features and updates. Secondly, it minimizes errors by we will be using the Agile SDLC model. Please be aware that
detecting integration issues early, ensuring a more stable and the selection of models and methods is flexible and chosen by
the organization to suit its specific needs and circumstances.
The first step is to define the requirements of the software
using a use case diagram. To elaborate the security, we extend
the use case diagram further to misuse case diagram so the
potential security vulnerability. Misuse case diagram is a
diagram used to describe sequence of actions that an entity can
perform in order to cause harm to the legitimate user or the
system itself [26]. This diagram can be used to understand
threats to the system that potentially could lead to
vulnerabilities.
The misuse case diagram depicted in Fig. 3 reveals several
critical vulnerabilities that require immediate attention to
enhance system security. Firstly, there's a vulnerability to
Fig. 2. Continuous Delivery Workflow Cross-Site Request Forgery (CSRF) during lab attendance and

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
211
2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

tree to define the vulnerability including the attack surfaces,


corresponding CWE, CAPEC, potential impacts and
suggested action as shown in Fig. 4. One of the threat covered
by Fig. 4. is the attacker exploiting the user attending the lab
mechanism by creating a forged request that masquerades as
legitimate user activity. This CSRF attack, categorized under
CWE-352 and CAPEC-62, could result in the user
unknowingly executing the attacker's malicious request. To
mitigate this risk, the recommended action is to implement
anti-CSRF tokens within the software, ensuring that each
request includes token that validates authenticity and origin.
Fig. 3. Misusecase Diagram In the implementation phase, secure coding practices are
implemented to ensure the produced software excels in
inventory lending requests, necessitating the implementation security, especially in the analyzed vulnerability. We use
of CSRF tokens to prevent unauthorized actions. Secondly, OWASP Secure Coding Practices-Quick Reference Guide for
the risk of Brute Force or Dictionary Attacks targeting login this example and produce software as shown in Fig. 5.
functionality highlights the need for strong password policies.
Lastly, Cross-Site Scripting (XSS) vulnerabilities in
managing user and inventory data emphasize the importance
of input validation and output encoding to sanitize user inputs
and prevent malicious script injections.
1) Password Policy: User’s passwords must meet certain
criteria to reduce the likelihood of successful brute force
attacks. In this research, a minimum password length of 8
characters and a maximum login failure count of 10 times are
utilized, referring to the NIST Special Publication 800-63B
which governs recommendations for Identity and Access
Management (IAM), including password policies.
2) Input/Output Cleansing and Validation: Input and Fig. 5. Software Result
output data must undergo cleansing and validation processes
to prevent XSS (Cross-Site Scripting) attacks. In this When delivering the information system to production, we
use Github Action to automate the vulnerability assessment.
research, all input data received from users and output data
We create a workflow to scan the information system using
displayed to users are sanitized and validated to ensure that sonarcloud each time new code is being pushed to the
malicious scripts cannot be injected into the application. repository. In this example we have two security alerts from
3) CSRF Token: Requests made by users must be ensured usage of deprecated module function as shown in Fig. 6(a).
to originate from the built application and not be the result of We also use Github Action to automate the information
CSRF attacks. In this research, anti-CSRF token sent in the
post request made by the user is utilized.
In the design phase, we can add another threat modelling
method to further address the vulnerability. We can use attack

(a)

(b)

Fig. 6. Github Implementation


Fig. 4. Attack Tree

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
212
2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

(a)

(a)

(b)

(c)
Fig. 8. Notion Implementation

Fig. 7(b). Another feature provided is to show the analytic of


security aspects as shown in Fig. 7(c). to see the threats,
including time and location to support managerial decisions.
(b)
Another part of the management is resource management,
which is implemented using Notion in this example. We create
a Gantt Chart to manage the task, timeline and personnel
assigned to do as shown in Fig. 8(a). This covers man and time
resource management. In Fig. 8(a), it is known that the
coordination stage with the client is carried out initially and
needs to be performed before conducting the needs analysis.
during the needs analysis stage, the application system design
process can be initiated. List view mode is also provided so
one can see the detail of each task as shown in Fig. 8(b). In
term of money, we also use Notion for budget management
where we note income and expenses of the information system
as shown in Fig. 8(c). Notion can be organized to record both
expenses and income data. These records should include
detailed descriptions of their purpose and, if necessary,
receipts for purchases.
V. CONCLUSION
(c)
In conclusion, the proposed comprehensive information
Fig. 7. Cloudflare Implementation system management framework offers a structured approach
to managing development, resources, and monitoring.
system deployment by setting up a workflow that will trigger Emphasizing security throughout the lifecycle, optimizing
a ssh command job as shown in Fig. 6(b). so that every time resource allocation, and enabling proactive monitoring, it
new code is being pushed to the repository, the production systematically mitigates cyber threats, enhances task
server will pull the latest code and update the running management, and ensures web application reliability.
information system in real-time. Compared to the secure software development lifecycle
To monitor the information system in real-time, we use (SSDLC) framework, it excels in resource management and
Cloudflare that provides a dashboard showing brief real-time monitoring, making it more comprehensive.
information of our information system which includes the Through the implementation example provided, it is
number of visitor and requests as shown in Fig. 7(a). evident that the proposed framework can be effectively
Cloudflare also provides analytics, one of them is web traffic applied to manage information systems systematically. By
to see the time and region of a request, thus gaining following the outlined methodologies and leveraging the
information of when and where it is mostly used as shown in appropriate tools and technologies, organizations can

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
213
2024 7th International Conference on Informatics and Computational Sciences (ICICoS)

streamline their development processes, optimize resource lifecycle,” in 20th Annual Computer ecurity Applications Conference,
utilization, and proactively monitor the performance and 2004, pp. 2–13. doi: 10.1109/CSAC.2004.41.
[13] V. Figueroa, “Secure Software Development Life Cycle - OWASP
security of their web applications. Overall, the proposed LATAM Tour 2016,” 2019.
framework serves as a valuable blueprint for organizations [14] M. Beiter, “Steps in a Secure Software Development Lifecycle
seeking to enhance the security, efficiency, and effectiveness Model.” [Online]. Available: https://www.michael.beiter.org/2013
of their information system management practices. /11/29/steps-in-a-secure-software-development-lifecycle-model-1/
[15] M. I. Daud, “Secure software development model: A guide for secure
REFERENCES software life cycle,” Proc. Int. MultiConference Eng. Comput. Sci.
2010, IMECS 2010, no. July 2010, pp. 724–728, 2010.
[1] P. P. Tallon, M. Queiroz, T. Coltman, and R. Sharma, “Information [16] M. Buinevich, K. Izrailov, and A. Vladyko, “The life cycle of
technology and the search for organizational agility: A systematic vulnerabilities in the representations of software for
review with future research possibilities,” J. Strateg. Inf. Syst., vol. 28, telecommunication devices,” in 2016 18th International Conference
no. 2, pp. 218–237, 2019, doi: on Advanced Communication Technology (ICACT), 2016, pp. 1–2.
https://doi.org/10.1016/j.jsis.2018.12.002. doi: 10.1109/ICACT.2016.7423419.
[2] T. Ravichandran, “Exploring the relationships between IT [17] A. Hudaib, M. Alshraideh, O. Surakhi, and M. Alkhanafseh, “A
competence, innovation capacity and organizational agility,” J. Survey on Design Methods for Secure Software Development,”
Strateg. Inf. Syst., vol. 27, no. 1, pp. 22–42, 2018, doi: International Journal Of Computers & Technology, vol. 16, pp. 7047–
https://doi.org/10.1016/j.jsis.2017.07.002. 7064, Dec. 2017, doi: 10.24297/ijct.v16i7.6467.
[3] S. Knowledge, “Importance of Website: Know why do you need a [18] J. de V. Mohino, J. B. Higuera, J. R. B. Higuera, and J. A. S.
website,” Web Development. [Online]. Available: https://star- Montalvo, “The application of a new secure software development life
knowledge.com/blog/importance-of-website-for-business/ cycle (S-SDLC) with agile methodologies,” Electron., vol. 8, no. 11,
[4] S. Remote and W. Scanner, “SiteCheck”, 2023. [Online] Availabe: 2019, doi: 10.3390/electronics8111218.
https://sitecheck.sucuri.net. [19] M. Leppänen et al., “The highways and country roads to continuous
[5] “Who’s Hacked? Latest Data Breaches And Cyberattacks,” Cyber deployment,” IEEE Softw., vol. 32, no. 2, pp. 64–72, 2015, doi:
Crime Magazine. [Online]. Available: https://cybersecurityventures. 10.1109/MS.2015.50.
com/intrusion-daily-cyber-threat-alert/ [20] L. Chen, “Continuous delivery: Huge benefits, but challenges too,”
[6] L. Cheng, F. Liu, and D. D. Yao, “Enterprise data breach: causes, IEEE Softw., vol. 32, no. 2, pp. 50–54, 2015, doi:
challenges, prevention, and future directions,” Wiley Interdiscip. Rev. 10.1109/MS.2015.27.
Data Min. Knowl. Discov., vol. 7, no. 5, pp. 1–14, 2017, doi: [21] A. A. U. Rahman, E. Helms, L. Williams, and C. Parnin,
10.1002/widm.1211. “Synthesizing Continuous Deployment Practices Used in Software
[7] R. Janakiraman, J. H. Lim, and R. Rishika, “The Effect of a Data Development,” in 2015 Agile Conference, 2015, pp. 1–10. doi:
Breach Announcement on Customer Behavior: Evidence from a 10.1109/Agile.2015.12.
Multichannel Retailer,” J. Mark., vol. 82, no. 2, pp. 85–105, Mar. [22] H. H. Olsson, H. Alahyari, and J. Bosch, “Climbing the ‘Stairway to
2018, doi: 10.1509/jm.16.0124. Heaven’ -- A Mulitiple-Case Study Exploring Barriers in the
[8] A. H. Juma’h and Y. Alnsour, “The effect of data breaches on Transition from Agile Development towards Continuous Deployment
company performance,” Int. J. Account. Inf. Manag., vol. 28, no. 2, of Software,” in 2012 38th Euromicro Conference on Software
pp. 275–301, Jan. 2020, doi: 10.1108/IJAIM-01-2019-0006. Engineering and Advanced Applications, 2012, pp. 392–399. doi:
[9] M. U. A. Khan and M. Zulkernine, “On selecting appropriate 10.1109/SEAA.2012.54.
development processes and requirements engineering methods for [23] D. Agrawal, S. Das, and A. El Abbadi, “Big data and cloud
secure software,” Proc. - Int. Comput. Softw. Appl. Conf., vol. 2, no. computing: Current state and future opportunities,” ACM Int. Conf.
November, pp. 353–358, 2009, doi: 10.1109/COMPSAC.2009.206. Proceeding Ser., pp. 530–533, 2011, doi: 10.1145/1951365.1951432.
[10] J. Ley, "Some work has been done to research Software Development [24] K. Alhamazani et al., “Cross-Layer Multi-Cloud Real-Time
Life Cycle (SDLC) as a structured framework utilized by Application QoS Monitoring and Benchmarking As-a-Service
organizations to guide the development process of an application from Framework,” IEEE Trans. Cloud Comput., vol. 7, no. 1, pp. 48–61,
the beginning to the end of its life cycle," *IEEE Access*, vol. 10, pp. 2019, doi: 10.1109/TCC.2015.2441715.
1234-1245, 2022.. [25] F. Buccafurri et al., “Analysis of QoS in cooperative services for real
[11] A. M. Rea-Guaman, I. D. Sánchez-García, T. S. Feliu, and J. A. time applications,” Data Knowl. Eng., vol. 67, no. 3, pp. 463–484,
Calvo-Manzano, “Maturity models in cybersecurity: A systematic 2008, doi: https://doi.org/10.1016/j.datak.2008.08.004.
review,” in 2017 12th Iberian Conference on Information Systems and [26] G. Sindre and A.L. Opdahl, “Eliciting security requirements with
Technologies (CISTI), 2017, pp. 1–6. doi: misuse cases,” Requirements Eng 10, 2005, pp. 34–44,
10.23919/CISTI.2017.7975865. https://doi.org/10.1007/s00766-004-0194-.
[12] S. Lipner, “The trustworthy computing security development

Authorized licensed use limited to: Universitas Indonesia. Downloaded on November 05,2024 at 06:42:26 UTC from IEEE Xplore. Restrictions apply.
214

You might also like