The Enterprise Model Frame for Supporting Security Requirement Elicitation from Business Processes
2016 (English)In: 12th International Baltic Conference, DB&IS 2016, July 4-6, 2016. / [ed] Guntis Arnicans, Vineta Arnicane, Juris Borzovs, Laila Niedrite, Springer, 2016, Vol. 615, 229-241 p.Conference paper (Refereed)
It is generally accepted that security requirements have to be elicited as early as possible to avoid later rework in the systems development process. One of the reasons for difficulties of early detection of security requirements is the complexity of security requirements identification. In this paper we propose an extension of the method for security requirements elicitation from business processes (SREBP). The extension includes the application of the enterprise model frame to capture enterprise views and relationships of the analysed system assets. Although the proposal was used in some practical settings, the main goal of this work is conceptual discussion of the proposal. Our study shows that (i) the enterprise model frame covers practically all concepts of the information security related definitions, and that (ii) the use of the frame with the SREBP method complies with the common enterprise modeling and enterprise architecture approaches.
Place, publisher, year, edition, pages
Springer, 2016. Vol. 615, 229-241 p.
Communications in Computer and Information Science, ISSN 1865-0929
Security requirements elicitation, Business process models, Enterprise modeling
IdentifiersURN: urn:nbn:se:hj:diva-34922DOI: 10.1007/978-3-319-40180-5_16ISI: 000389806000016ScopusID: 2-s2.0-84978945252ISBN: 978-3-319-40179-9 (print)ISBN: 978-3-319-40180-5 (electronic)OAI: oai:DiVA.org:hj-34922DiVA: diva2:1070536
Databases and Information Systems, DB&IS