Cybersecurity Engineering Research: Security Quality Requirements Engineering (SQUARE) Collection
• Collection
Publisher
Software Engineering Institute
Abstract
Security Quality Requirements Engineering (SQUARE) is a nine-step process that helps organizations build security, including privacy, into the early stages of the production lifecycle. Instructional materials are available for download that can be used to teach the SQUARE method.
Using SQUARE can enable your organization to develop more secure, survivable software and systems, more predictable schedules and costs, and achieve lower costs.
SQUARE for Privacy, or P-SQUARE, is available for free to help you use the SQUARE process for security, privacy, or both.
SQUARE for Acquisition, or A-SQUARE, is available for free to help stakeholders, requirements engineers, and contractors/vendors, for a variety of acquisition cases.
See the following publications for more information about SQUARE and SQUARE tools:
Collection Items
Security Quality Requirements Engineering (SQUARE)
• Collection
By Software Engineering Institute
This collection describes SQUARE, a process that helps organizations build security into the early stages of the production lifecycle.
Learn More
Security Quality Requirements Engineering (SQUARE) Fact Sheet
• Fact Sheet
By Software Engineering Institute
SQUARE helps organizations build security, including privacy, into the early stages of the production lifecycle.
Learn More
Security Requirements Engineering
• Webcast
By Christopher J. Alberts
Learn the importance of developing security requirements in the same time frame as functional requirements.
Watch
Security Requirements Engineering
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead how a systematic approach to security requirements engineering helps to avoid problems.
Read
An Evaluation of A-SQUARE for COTS Acquisition
• Technical Note
By Sidhartha Mani, Nancy R. Mead
An evaluation of the effectiveness of Software Quality Requirements Engineering for Acquisition (A-SQUARE) in a project to select a COTS product for the advanced metering infrastructure of a smart grid.
Read
Teaching Security Requirements Engineering Using SQUARE
• White Paper
By Dan Shoemaker (University of Detroit Mercy), Jeff Ingalsbe (University of Detroit Mercy), Nancy R. Mead
In this paper, the authors detail the validation of a teaching model for security requirements engineering that ensures that security is built into software.
Read
Measuring the Software Security Requirements Engineering Process
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead describes a measurement approach to security requirements engineering to analyze projects that were developed with and without SQUARE.
Read
Combining Security and Privacy in Requirements Engineering
• Book Chapter
By Saeed Abu-Nimeh (Damballa), Nancy R. Mead
In this book chapter, the authors present SQUARE, a security requirements approach, privacy requirement elicitation, and security risk assessment techniques.
Read
Software Security Engineering: A Guide for Project Managers (white paper)
• White Paper
By Gary McGraw, Julia H. Allen, Nancy R. Mead, Robert J. Ellison, Sean Barnum
In this guide, the authors discuss our reliance on software and systems that use the internet or internet-exposed private networks.
Read
Security Requirements Reusability and the SQUARE Methodology
• Technical Note
By Travis Christian, Nancy R. Mead
In this report, the authors discuss how security requirements engineering can incorporate reusable requirements.
Read
Adapting the SQUARE Process for Privacy Requirements Engineering
• Technical Note
By Ashwini Bijwe (Carnegie Mellon University), Nancy R. Mead
In this 2010 report, the authors explore how the SQUARE process can be adapted for privacy requirements engineering in software development.
Read
Adapting the SQUARE Method for Security Requirements Engineering to Acquisition
• White Paper
By Nancy R. Mead
In this paper, Nancy Mead adapts the SQUARE process for security requirements engineering to different acquisition situations.
Read
Novel Methods of Incorporating Security Requirements Engineering into Software Engineering Courses
• Book Chapter
By Nancy R. Mead, Dan Shoemaker (University of Detroit Mercy)
In this book chapter, the authors describe methods of incorporating security requirements engineering into software engineering courses and curricula.
Read
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Information Security and Ethics
• Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes issues in developing security requirements, useful methods, including details about the SQUARE method.
Read
Incorporating Security Quality Requirements Engineering (SQUARE) into Standard Life-Cycle Models
• Technical Note
By Nancy R. Mead, Venkatesh Viswanathan, Deepa Padmanabhan, Anusha Raveendran
In this 2008 report, the authors describe how SQUARE can be incorporated into standard lifecycle models for security-critical projects.
Read
Software Security Engineering: A Guide for Project Managers (book)
• Book
By Julia H. Allen, Sean Barnum, Robert J. Ellison, Gary McGraw, Nancy R. Mead
In this book, the authors provide sound practices likely to increase the security and dependability of your software during development and operation.
Read
Lessons Learned Applying the Mission Diagnostic
• Technical Note
By Audrey J. Dorofee, Lisa Marino, Christopher J. Alberts
This technical note describes the adaptation of the Mission Diagnostic (MD) necessary for a customer and the lessons we learned from its use.
Read
How To Compare the Security Quality Requirements Engineering (SQUARE) Method with Other Methods
• Technical Note
By Nancy R. Mead
In this 2007 report, Nancy Mead describes SQUARE, and outlines other methods used for identifying security requirements.
Read
Considering Operational Security Risk During System Development
• Article
By Carol Woody, Christopher J. Alberts
In this article, the authors examine OCTAVE, an operational security-risk methodology, and apply it to security-related risks during system development.
Read
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method - Integrating Security and Software Engineering
• Book Chapter
By Nancy R. Mead
In this book chapter, Nancy Mead describes the SQUARE method, which can be used to elicit, analyze, and document security requirements for software systems.
Read
Security Quality Requirements Engineering (SQUARE): Case Study Phase III
• Special Report
By Lydia Chung, Frank Hung, Eric Hough, Don Ojoko-Adams, Nancy R. Mead
In this report, the authors present their results of using SQUARE when working with three clients over the course of a semester.
Read
Security Quality Requirements Engineering Technical Report
• Technical Report
By Nancy R. Mead, Eric Hough, Ted Stehney II
In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.
Read
SQUARE Frequently Asked Questions (FAQ)
• White Paper
By Software Engineering Institute
This paper contains information about SQUARE, a process that helps organizations build security into the early stages of the software production lifecycle.
Read
CERT SQUARE for Acquisition (A-SQUARE)
• Software
By Software Engineering Institute
SQUARE-A is designed for stakeholders, requirements engineers, and contractors/vendors to use in acquisitions and provides documentation support for a variety of use cases.
Download
CERT SQUARE for Privacy (P-SQUARE)
• Software
By Software Engineering Institute
P-SQUARE was designed for stakeholders, requirements engineers, and administrators and supports the security and privacy aspects of SQUARE.
DownloadPart of a Collection
Cybersecurity Engineering Research Collection