Authors: Angermeier, D.; Nieding, A.; Eichler, J.
Dates: 2022-03-13; 2022-03-13; 2017
URL: https://publica.fraunhofer.de/handle/publica/401644
DOI: 10.1007/978-3-319-57858-3_7
Scopus: 2-s2.0-85018388610

Abstract: Assessing security-related risks in software or systems engineering is a challenging task: often, a heterogeneous set of distributed stakeholders creates a complex system of (software) components which are highly connected to each other, consumer electronics, or Internet-based services. Changes during development are frequent and must be evaluated and handled efficiently. Consequently, risk assessment itself becomes a complex task and its results must be comprehensible by all actors in the distributed environment. Especially, systematic and repeatable identification of security goals based on a model of the system under development (SUD) is not well-supported in established methods. Thus, we demonstrate how the systematic identification, merging, and validation of security goals based on a model of the SUD in a concrete implementation of our method Modular Risk Assessment (MoRA) supports security engineers to handle this challenge.

Language: en
003005006518
Title: Supporting Risk Assessment with the Systematic Identification, Merging, and Validation of Security Goals
Type: conference paper