Abstract
Capability Driven Development (CDD) is a capability-based method for developing context-aware and adaptive systems. This paper proposes to extend CDD to address security and resilience concerns in organizational networks. A method extension defining modeling concepts and a development procedure is elaborated. It includes the development of a data-driven digital twin, which represents the security and resilience concerns of the network and is used to diagnose security incidents and to formulate a resilient response to these incidents. Application of the proposed method extension is illustrated using examples of secure computer network governance and secure supplier onboarding.
Acknowledgments
This research is partially funded by the Ministry of Education and Science, Republic of Latvia, project ARTSS, project No. VPP-COVID-2020/1–0009.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Grabis, J., Stirna, J., Zdravkovic, J. (2021). A Capability Based Method for Development of Resilient Digital Services. In: Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. (eds) Enterprise Information Systems. ICEIS 2020. Lecture Notes in Business Information Processing, vol 417. Springer, Cham. https://doi.org/10.1007/978-3-030-75418-1_23
DOI: https://doi.org/10.1007/978-3-030-75418-1_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75417-4
Online ISBN: 978-3-030-75418-1
eBook Packages: Computer Science, Computer Science (R0)