Mastering Security Requirements
"The software must be secure!" you hear your customer say.
Yeah, sure...!
But what does "secure" even mean?
Secure with regard to which security goals?
What are "security goals" anyway?
This presentation will demonstrate a proven approach for architects, developers, domain experts and business stakeholders to use when jointly developing security requirements and efficiently translating them into concrete development and testing tasks. You will also learn how to take a holistic view of information security and data protection.
Target Audience: Architects, product managers, developers. Anyone interested in security engineering.
Prerequisites: Some basic knowledge of (quality) requirements analysis is needed.
Level: Practicing
Extended Abstract:
Security requirements are often expressed in an undifferentiated and generalised way. What is needed is a clear, detailed and well-founded analysis of the protection requirements. So, how can this be achieved?
How can we determine which protective measures are required in which part of the system and which parts are not affected?
How does data protection (GDPR) fit into this picture? Why should data protection aspects be considered together with information security?
This presentation will demonstrate a proven approach for architects, developers, domain experts and business stakeholders to use when jointly developing security requirements and efficiently translating them into concrete development and testing tasks. You will also learn how to take a holistic view of information security and data protection, thereby saving time and money.
Markus Geiger is a project manager, trainer and architect at WPS - Workplace Solutions. Markus studied Communications Engineering in Esslingen am Neckar and Distributed Computing Systems Engineering at Brunel University in London and has over 25 years of experience as a software developer, software architect and coach on many successful projects in the industrial, logistics and retail sectors. In addition to software architecture, he is particularly interested in IT security and the secure development lifecycle.