The Enterprise Model Frame for Supporting Security Requirement Elicitation from Business Processes
Databases and Information Systems: 12th International Baltic Conference on Databases and Information Systems
2016
Mārīte Kirikova,
Raimundas Matulevičius,
Kurt Sandkuhl
It is generally accepted that security requirements have to be elicited as early as possible to avoid later rework in the systems development process. One of the reasons for difficulties of early detection of security requirements is the complexity of security requirements identification. In this paper we propose an extension of the method for security requirements elicitation from business processes (SREBP). The extension includes the application of the enterprise model frame to capture enterprise views and relationships of the analysed system assets. Although the proposal was used in some practical settings, the main goal of this work is conceptual discussion of the proposal. Our study shows that (i) the enterprise model frame covers practically all concepts of the information security related definitions, and that (ii) the use of the frame with the SREBP method complies with the common enterprise modeling and enterprise architecture approaches.
Atslēgas vārdi
Security requirements elicitation, Business process models, Enterprise modelin
DOI
10.1007/978-3-319-40180-5_16
Hipersaite
http://link.springer.com/chapter/10.1007%2F978-3-319-40180-5_16
Kirikova, M., Matulevičius, R., Sandkuhl, K. The Enterprise Model Frame for Supporting Security Requirement Elicitation from Business Processes. No: Databases and Information Systems: 12th International Baltic Conference on Databases and Information Systems, Latvija, Riga, 4.-6. jūlijs, 2016. Cham: Springer International Publishing, 2016, 229.-241.lpp. ISBN 978-3-319-40179-9. e-ISBN 978-3-319-40180-5. ISSN 1865-0929. Pieejams: doi:10.1007/978-3-319-40180-5_16
Publikācijas valoda
English (en)