Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns
نویسندگان
چکیده
Although importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a twostep method for (i) pattern occurrence discovery in, and (ii) for security requirements definition from the business process model. We hope that our proposal could help elicit security requirements at the early system development stages, however, we still need to validate it empirically. !!! Zusammenfassung Dieser Beitrag fokussiert auf die Nutzung von riskorientierter Muster zur Erhebung von Sicherheitsanforderungen. Er stellt ein zweistufiges Verfahren für (i) die Entdeckung risk-orientierter Muster in Geschäftsprozessen und (ii) ihre Definition vor.
منابع مشابه
A Method for Eliciting Security Requirements from the Business Process Models
In recent years, the business process modelling is matured towards expressing enterprise’s organisational behaviour (i.e., business values and stakeholder interests). This shows potential to perform early security analysis to capture enterprise security needs. Traditionally, security in business processes is addressed either by representing security concepts graphically or by enforcing these se...
متن کاملA Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain
Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud’s scalable and flexible IT-resources. The benefits are of particular interest for SME’s. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud c...
متن کاملSREBP: Security Requirement Elicitation from Business Processes
In today's fast and dynamic environment, business processes play a crucial role for enterprises to gain competitiveness. The traditional approaches in business process domain tend to focus on business processes execution and their improvement. At the same time business process modelling maturity towards expressing the enterprise's organisational perspective (business values and stake-holders in...
متن کاملKey Issues of a Formally Based Process Model for Security Engineering
In this paper we outline a new process model for security engineering. This process model extends object oriented, use case oriented software development by systematic security requirements elicitation and realization. In particular, we integrate the modeling of security requirements, threat and risk analysis on the one hand with the modeling of business processes, use cases and the constructio...
متن کاملIntegration of IT-Security Aspects into Information Demand Analysis and Patterns
Information logistics in general addresses demand-oriented information supply in organizations. IT-security has not received much attention in information logistics research. However, integration of security aspects into information logistics methods could be useful for application contexts with strong security requirements. As a contribution to this aspect, the paper investigates the possibili...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- it - Information Technology
دوره 55 شماره
صفحات -
تاریخ انتشار 2013