On the Intertwining of Quality and Security Risk Management in Information Systems

Properly handling quality and security risks is critical to the successful ongoing operation and evolution of an information system. However, quality and security risks are strongly intertwined and have to be considered in tandem. In this talk, we show how quality and security risks in information system development and evolution are related. This leads us to develop a quality-based security risk taxonomy and a security risk breakdown structure that can be used as a generic tool to identify security risks while developing or maintaining an information system.


Dr. Kassem A. Saleh received his BSc, MSc, and PhD in Computer Science from the University of Ottawa in Canada. Dr. Saleh worked as a Software Design Engineer at Northern Telecom in 1984 and then as a Computer Systems Specialist at Mediatel, Bell Canada, from 1985 to 1991. Kassem was on the faculty of Concordia University in 1992, Kuwait University from 1992 to 2000, and the American University of Sharjah from 2000 to 2007. He is currently Professor in Information Sciences at Kuwait University. His research interests include software engineering, information security, quality and risk management, and project management. Dr. Saleh has published more than 130 refereed journal and conference papers and one textbook, and has presented numerous tutorials and lectures at international conferences and universities. Dr. Saleh holds professional certifications in software engineering (CSEM), information security (CISSP), project (PMP) and risk management (PMP-RMP), quality and software quality engineering (CQE, CSQE), and business analysis (PMP-BA).