Skip to main content
SpringerLink
Log in

Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods

  • Conference paper
Enterprise Interoperability II

Abstract

Information systems (IS) security within organizations is more and more focused around risk management approaches. Central to these approaches is the need for a better understanding of the required alignment between the business view of the organization and the architecture of its underlying IS. Through the use of requirements engineering techniques, the paper suggests how this business/IT interoperability issue is tackled together with the clarification of the underlying security risk management ontology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 259.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 329.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

8 References

  1. J.D. Moffett, C.B. Haley, and B. Nuseibeh, “Core Security Requirements Artefacts”, Technical Report Number 2004/23, Department of Computing, Open University, UK, 2004.

    Google Scholar 

  2. Direction Centrale de la Sécurité des Systèmes d’Information (DCSSI) (2004, February), Expression des Besoins et Identification des Objectifs de Sécurité (EBIOS), from http://www.ssi.gouv.fr/fr/confiance/ebios.html

    Google Scholar 

  3. ISO/IEC 17799:2005, Information Technology — Security techniques-Code of Practice for Information Security Management, Geneva, 2005.

    Google Scholar 

  4. Common Criteria for Information Technology Security Evaluation, Version 2.2 (2004), ISO 15408, from http://www.commoncriteriaportal.org

    Google Scholar 

  5. L. Lin, B. Nuseibeh, D. Ince, and M. Jackson, “Using Abuse Frames to Bound the Scope of Security Problems”, Proceedings of the 12th IEEE International Requirements Engineering Conference, IEEE Computer Society Press, Kyoto, Japan, 2004.

    Google Scholar 

  6. A. van Lamsweerde, and E. Letier, “Handling Obstacles in Goal-Oriented Requirements Engineering”, IEEE Transactions on Software Engineering, Special Issue on Exception Handling, Vol. 26 No. 10, October 2000.

    Google Scholar 

  7. L. Liu, E. Yu and J. Mylopoulos, “Security and Privacy Requirements Analysis within a Social Setting”, International Conference on Requirements Engineering (RE’03), Monterey, California, September 2003.

    Google Scholar 

  8. P. Gaunard, and E. Dubois, “Using Requirements Engineering Techniques for Bridging the Gap Between Risk Analysis and Security Policies”, 18th IFIP International Information Security Conference, Athens, Greece, May 2003.

    Google Scholar 

  9. L. Chung, B.A. Nixon, E. Yu, J. Mylopoulos, Non-Functional Requirements in Software Engineering, Kluwer Academic Publishers, Boston, 2000.

    MATH  Google Scholar 

  10. E. Dubois, N. Mayer, A. Rifaut, and V. Rosener, “Contributions méthodologiques pour l’amélioration de l’analyse des risques”, Les enjeux de la sécurité multimédia Vol.1 (traité IC2, série informatique et SI), Hermes, 2005. ISBN: 2-7462-1207-2

    Google Scholar 

  11. D.P. Gilliam, and M.S. Feather, “Security Engineering: Systems Engineering of Security through the Adaptation and Application of Risk Management”, INCOSE 2004-14th Annual International Symposium Proceedings, Toulouse, France, Jun 20–24 2004.

    Google Scholar 

  12. N. Mayer, A. Rifaut, and E. Dubois, “Towards a Risk-Based Security Requirements Engineering Framework”, 11th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ’05), in conjunction with CAiSE’05, Porto, Portugal, June 2005.

    Google Scholar 

  13. A. Osterwalder, and Y. Pigneur, “An ontology for e-business models”, Value Creation from E-Business Models, W. Currie, Butterworth-Heinemann, 2004.

    Google Scholar 

  14. M. Schmitt, B. Grégoire, S. Ramel, C. Incoul, P. Brimont, and E. Dubois. “If business models could speak! Efficient: a framework for appraisal, design and simulation of electronic business transactions”, International Conference on Enterprise Integration and Modelling Technology (ICEIMT’04), Toronto, October 2004.

    Google Scholar 

  15. J. Gordijn, V. Kartseva, J. Schildwacht, R.J. Wieringa and J.M. Akkermans, “Developing a Domain-Specific Cross-Organizational RE Method”, Proceedings of the 12th IEEE International Requirements Engineering Conference, M. Aoyama, Motoshi Saeki, Neil Maiden (eds), IEEE CS, Kyoto, Japan, 2004.

    Google Scholar 

  16. M. Lankhorst. et al., Enterprise Architecture at Work — Modelling, Communication and Analysis, Springer-Verlag, 2005. ISBN: 3-540-24371-2

    Google Scholar 

  17. B. van der Raadt, J. Gordijn, and E. Yu, “Exploring Web Services Ideas from a Business Value Perspective”, Proceedings of the 2005 13th IEEE International Conference on Requirements Engineering (RE’05), Joanne Atlee and Colette Roland (eds.), pp 53–62, IEEE CS, 2005.

    Google Scholar 

  18. M. Saeki, “Embedding Metrics into Information Systems Development Methods: An Application of Method Engineering Technique”, Proceedings of CAiSE’03 Conf., Springer Verlag, 2003, pp.374–389.

    Google Scholar 

  19. H. Mouratidis, P. Giorgini, G. Manson, “Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems”, Proceedings of the 15th Conference on Advance Information Systems (CAiSE’ 03), 16–20 June, Velden, Austria.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Public Research Centre Henri Tudor, 29, av. J. F.Kennedy, L-1855, Luxembourg, Kirchberg

    N. Mayer, E. Dubois & A. Rifaut

  2. Computer Science Department rue Grandgagnage, 21, University of Namur, B-5000, Namur, Belgique

    N. Mayer

Authors
  1. N. Mayer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. E. Dubois
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. A. Rifaut
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. UNINOVA, New University of Lisbon, Quinta da Torre, 2829-516, Caparica, Portugal

    Ricardo J. Gonçalves PhD

  2. Institut für Informatik, Technische Universität Clausthal, Julius-Albert-Str. 4, 38678, Clausthal-Zellerfeld, Germany

    Jörg P. Müller (Dr. rer. nat., Dipl.-Inform.) (Dr. rer. nat., Dipl.-Inform.)

  3. Fraunhofer IPK, Pascalstr. 8-9, 10587, Berlin, Germany

    Kai Mertins (Dr.-Ing.) (Dr.-Ing.)

  4. CIMOSA Association e.V. at WZL Forum/ADITEC, Steinbachstr. 23, 52074, Aachen, Germany

    Martin Zelm (Dr. rer. nat., Dipl.-Phys.) (Dr. rer. nat., Dipl.-Phys.)

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag London Limited

About this paper

Cite this paper

Mayer, N., Dubois, E., Rifaut, A. (2007). Requirements Engineering for Improving Business/IT Alignment in Security Risk Management Methods. In: Gonçalves, R.J., Müller, J.P., Mertins, K., Zelm, M. (eds) Enterprise Interoperability II. Springer, London. https://doi.org/10.1007/978-1-84628-858-6_2

Download citation

  • DOI: https://doi.org/10.1007/978-1-84628-858-6_2

  • Publisher Name: Springer, London

  • Print ISBN: 978-1-84628-857-9

  • Online ISBN: 978-1-84628-858-6

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation