ABSTRACT
A standards-based integral engineering technique for information security methodologies (ISIE) is proposed that makes it possible to develop a reliable and multipurpose procedural foundation for solving a wide range of theoretical and practical information security problems. The core of the technique is the design of a generalized primary (root) system of semiformal (DFD and UML) domain models that serves as the source for a wide range of secondary (derived) models for particular information security problems.
Within the ISIE framework, a derived model is obtained from the root model by extracting the partial model needed for the given problem and then applying regulated modifications to it: supplementation, generalization, evolution, etc. Under these operations the derived models, in general, remain consistent with the root model and with the corresponding IS standard, which ensures that every particular derived model can be reused in other tasks.
The application of the proposed technique to several specific information security organizational problems is discussed, along with some logical schemes of common engineering operations.
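The root-to-derived model engineering described in the abstract (extract a partial model, then supplement, generalize or evolve it while staying coordinated with the root model and its standard) can be made concrete with a small Python sketch. This is an added example, not code from the paper or from any tool it describes; the element names, clause references, relation types and the consistency rules are constructed assumptions for illustration only.

```python
"""Toy root-model / derived-model engineering with a coordination check.

Constructed example: element names, "clause-*" references and relation
types are placeholders, not quotations from any standard.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Element:
    name: str
    kind: str           # "process", "asset", "control", "document", ...
    standard_ref: str   # clause of the IS standard the element is grounded in


@dataclass
class Model:
    elements: Dict[str, Element] = field(default_factory=dict)
    relations: Set[Tuple[str, str, str]] = field(default_factory=set)  # (src, dst, type)
    trace: Dict[str, Optional[str]] = field(default_factory=dict)      # name -> root name; None if supplemented
    rationale: Dict[str, str] = field(default_factory=dict)            # why an element was added or evolved


def build_root() -> Model:
    """Constructed root model: a few ISMS-style elements and their relations."""
    root = Model()
    for e in [
        Element("risk_assessment", "process", "clause-6.1.2"),
        Element("information_asset", "asset", "clause-A.8"),
        Element("access_control", "control", "clause-A.9"),
        Element("isms_scope", "document", "clause-4.3"),
    ]:
        root.elements[e.name] = e
    root.relations |= {
        ("risk_assessment", "information_asset", "evaluates"),
        ("access_control", "information_asset", "protects"),
        ("isms_scope", "information_asset", "covers"),
    }
    return root


def extract(root: Model, names: Iterable[str]) -> Model:
    """Cut out the partial model for one problem; every element keeps a trace to the root."""
    derived = Model()
    for n in names:
        derived.elements[n] = root.elements[n]
        derived.trace[n] = n
    derived.relations = {r for r in root.relations
                         if r[0] in derived.elements and r[1] in derived.elements}
    return derived


def supplement(m: Model, elem: Element, rationale: str) -> None:
    """Add an element the root model lacks; it has no trace but must carry a rationale."""
    m.elements[elem.name] = elem
    m.trace[elem.name] = None
    m.rationale[elem.name] = rationale


def generalize(m: Model, new_name: str, members: Iterable[str], kind: str,
               standard_ref: str, rationale: str) -> None:
    """Introduce an abstract element that the listed members specialize."""
    supplement(m, Element(new_name, kind, standard_ref), rationale)
    for member in members:
        m.relations.add((member, new_name, "generalizes"))


def evolve(m: Model, name: str, new_standard_ref: str, rationale: str) -> None:
    """Re-ground an element in a narrower/newer clause without changing its kind."""
    old = m.elements[name]
    m.elements[name] = Element(old.name, old.kind, new_standard_ref)
    m.rationale[name] = rationale


def check_consistency(derived: Model, root: Model) -> List[str]:
    """Report every way the derived model has lost coordination with the root."""
    issues: List[str] = []
    for name, elem in derived.elements.items():
        origin = derived.trace.get(name)
        if origin is None:
            if name not in derived.rationale:
                issues.append(f"supplement '{name}' has no rationale")
        elif origin not in root.elements:
            issues.append(f"'{name}' traces to unknown root element '{origin}'")
        elif root.elements[origin].kind != elem.kind:
            issues.append(f"'{name}' changed kind from "
                          f"'{root.elements[origin].kind}' to '{elem.kind}'")
    for src, dst, rtype in derived.relations:
        if src not in derived.elements or dst not in derived.elements:
            issues.append(f"relation ({src}, {dst}, {rtype}) has a dangling endpoint")
    retained = {o for o in derived.trace.values() if o is not None}
    for src, dst, rtype in root.relations:
        if src in retained and dst in retained and (src, dst, rtype) not in derived.relations:
            issues.append(f"root relation ({src}, {dst}, {rtype}) dropped between retained elements")
    return issues


def derive_access_control_model(root: Model) -> Model:
    """Worked derivation for a constructed 'access control' problem."""
    m = extract(root, ["information_asset", "access_control"])
    supplement(m, Element("identity_store", "asset", "clause-A.9.2"),
               "identities are the access-decision input for this problem")
    generalize(m, "protected_asset", ["information_asset", "identity_store"], "asset",
               "clause-A.8", "both kinds of asset receive the same access controls")
    evolve(m, "access_control", "clause-A.9.4",
           "narrowed to system and application access for this problem")
    return m


if __name__ == "__main__":
    root = build_root()
    derived = derive_access_control_model(root)
    print("issues:", check_consistency(derived, root))
```

The check encodes the coordination requirement as three rules: a traced element may change its clause reference but not its kind, an untraced element must justify itself, and any root relation between two retained elements must survive extraction. A real ISIE toolchain would derive such rules from the DFD/UML metamodel rather than hard-code them, but the shape of the check (derived model plus trace back to root plus standard reference) is what makes a derived model reusable in another problem.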
Index Terms
- Integral engineering technique for information security methodologies