Design of a Modelling Language for Information System Security Risk Management
Authors
Abstract
Nowadays, security has become one of the most demanded characteristics of information systems. However, the ways to address information systems security still lack consensus and integration. On the one hand, researchers have extended various modelling languages and methods with security-oriented constructs in order to take security concerns into account throughout the development lifecycle. On the other hand, practitioners have developed risk management methods to help estimate the relative importance of security risks and the cost-effectiveness of solutions to tackle them. These methods are mainly driven by security standards that help practitioners assess and improve the security level of their organisations. Obviously, those two families of approaches should be unified so as to maximise the return on investment of implementing security requirements, and thereby align business and information technology concerns related to security. This is the challenge that our research aims to address. This paper presents a research agenda and describes the first steps that were undertaken to achieve it: an alignment of the terminology in the risk management literature and the elaboration of a conceptual model of the risk management domain. Those results will then be inputs for the next phases, which aim to integrate security and risk management concepts in information system development methods.
Related references
AN INTELLIGENT INFORMATION SYSTEM FOR FUZZY ADDITIVE MODELLING (HYDROLOGICAL RISK APPLICATION)
In this paper we propose and construct a Fuzzy Algebraic Additive Model for the estimation of risk in various fields of human activities or nature's behaviour. Though the proposed model is useful in a wide range of scientific fields, it was designed for torrential risk evaluation in the area of the river Evros. Clearly the model's performance improves when the number of parameters and the actual d...
Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development
Security is a major target for today's information systems (IS) designers. Security modelling languages exist to reason about security in the early phases of IS development, when the most crucial design decisions are made. Reasoning about security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect...
Syntactic and Semantic Extensions to Secure Tropos to Support Security Risk Management
The need to consider security from the early stages of the development process of information systems has been argued by academics and industrialists alike, and security risk management has been recognised as one of the most prominent techniques for eliciting security requirements. However, although existing security modelling languages provide some means to model security aspects, they do not ...
Developing a Risk Management Model for Banking Software Development Projects Based on Fuzzy Inference System
Risk management is one of the most influential parts of project management and has a major impact on the success or failure of projects. Due to the increasing use of information technology (IT) systems in all fields and the high failure rate of IT projects in software development and production, it is essential to manage these projects effectively. Therefore, this study is aimed t...
A Comparison of Security Modelling Languages used for Security Risk Management
Nowadays, every company that has valuable assets has an urge to protect them. Unfortunately, it is impossible to act on every single security threat. To mitigate these threats, Security Modelling Languages were extended for use in Security Risk Management. However, choosing a suitable language can be a difficult decision, because it can be a problem to compare those languages and decide which one ...