A Method for Eliciting Security Requirements from the Business Process Models
نویسندگان
چکیده
In recent years, the business process modelling is matured towards expressing enterprise’s organisational behaviour (i.e., business values and stakeholder interests). This shows potential to perform early security analysis to capture enterprise security needs. Traditionally, security in business processes is addressed either by representing security concepts graphically or by enforcing these security constraints. However, these approaches miss the elicitation of security needs and their translation to security requirements for system-to-be. This paper proposes a method to elicit security objectives from business process models and translate them to security requirements. The method enables early security analysis and allows developers not only to understand how to protect secure business assets, but it also contributes to alignment of the business processes with the technology that supports the execution of the business processes.
منابع مشابه
SREBP: Security Requirement Elicitation from Business Processes
In today's fast and dynamic environment, business processes play a crucial role for enterprises to gain competitiveness. The traditional approaches in business process domain tend to focus on business processes execution and their improvement. At the same time business process modelling maturity towards expressing the enterprise's organisational perspective (business values and stake-holders in...
متن کاملContextualizing Security Goals: A Method for Multilateral Security Requirements Elicitation
In networked environments, the importance of eliciting security requirements as part of the process of requirements elicitation is increasing. Yet, it is difficult to articulate what security requirements are and how they can be elicited and implemented in the system. Few security requirements elicitation methods deal with the security needs of the end-users in specific contexts towards other e...
متن کاملEliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
Although importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a twostep method for (i) pattern occurrence discovery ...
متن کاملA Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain
Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud’s scalable and flexible IT-resources. The benefits are of particular interest for SME’s. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud c...
متن کاملApplication of the Enterprise Model Frame for Security Requirements and Control Identification
It is generally accepted that security requirements have to be identified as early as possible to avoid later rework in the systems development process. However, in practice quite often security aspects are considered either at the later stages of development cycles (increments in agile projects) or addressed only when problems arise. One of the reasons for difficulties of early detection of se...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014