The Enterprise Model Frame for Supporting Security Requirement Elicitation from Business Processes

Databases and Information Systems: 12th International Baltic Conference on Databases and Information Systems 2016
Mārīte Kirikova, Raimundas Matulevičius, Kurt Sandkuhl

It is generally accepted that security requirements have to be elicited as early as possible to avoid later rework in the systems development process. One of the reasons for difficulties of early detection of security requirements is the complexity of security requirements identification. In this paper we propose an extension of the method for security requirements elicitation from business processes (SREBP). The extension includes the application of the enterprise model frame to capture enterprise views and relationships of the analysed system assets. Although the proposal was used in some practical settings, the main goal of this work is conceptual discussion of the proposal. Our study shows that (i) the enterprise model frame covers practically all concepts of the information security related definitions, and that (ii) the use of the frame with the SREBP method complies with the common enterprise modeling and enterprise architecture approaches.

Keywords
Security requirements elicitation, Business process models, Enterprise modelin
DOI
10.1007/978-3-319-40180-5_16
Hyperlink
http://link.springer.com/chapter/10.1007%2F978-3-319-40180-5_16

Kirikova, M., Matulevičius, R., Sandkuhl, K. The Enterprise Model Frame for Supporting Security Requirement Elicitation from Business Processes. In: Databases and Information Systems: 12th International Baltic Conference on Databases and Information Systems, Latvia, Riga, 4-6 July, 2016. Cham: Springer International Publishing, 2016, pp.229-241. ISBN 978-3-319-40179-9. e-ISBN 978-3-319-40180-5. ISSN 1865-0929. Available from: doi:10.1007/978-3-319-40180-5_16

Publication language
English (en)