Eliciting security requirements for business processes using patterns

Proceedings of the 9th International Workshop on Security in Information Systems, WOSIS 2012, in Conjunction with ICEIS 2012

Volumn , Issue , 2012, Pages 49-58

  Ahmed, Naved ^a   Matulevičius, Raimundas ^a   Khan, Naiad Hossain ^a  

^a UNIVERSITY OF TARTU   (Estonia)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS MODELS; BUSINESS PROCESS; BUSINESS PROCESS MODELLING; DEVELOPMENT STAGES; SECURITY ENGINEERING; SECURITY REQUIREMENTS; SECURITY RISKS; SECURITY SOLUTIONS;

SECURITY SYSTEMS;

INFORMATION SYSTEMS;

EID: 84865692876     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (18)

1. Common attack pattern enumeration and classification, available at http://capec.mitre.org/data/definitions/94.html
2. DCSSL EBIOS expression of needs and identification of security objectives (2004), available at http://www.bsi.de/english/gshb/manual/download/index.html
3. ENISA -inventory of risk assessment and risk management methods (2004)
4. Ahmed, N., Matulevičius, R.: A template of security risk patterns for business processes. In: Perspectives in Business Informatics Research, Riga, Latvia. pp. 123-130. Riga Technical University (2011)
5. Altuhhova, O., Matulevičius, R., Ahmed, N.: Towards Definition of Secure Business Processes. In: M. Bajec and J. Eder (Eds.): CAiSE 2012 Workshops, LNBIP 112. pp. 1-15. Springer-Verlag (2012)
6. Braber, F., Hogganvik, I., Lund, M. S., Stølen, K., Vraalsen, F.: Model-based security analysis in seven steps-a guided tour to the coras method. BT Technology Journal 25, 101-117 (2007)
7. Devanbu, P. T., Stubblebine, S.: Software engineering for security: a roadmap. In: The Future of Software Engineering. pp. 227-239. ACM Press (2000)
8. Dubois, E., Heymans, P., Mayer, N.and Matuleviv̧ius, R.: A systematic approach to define the domain of information system security risk management. In: Intentional Perspectives on IS Engg., pp. 289-306. Springer (2010)
9. Elahi, G., Yu, E.: A goal oriented approach for modeling and analyzing security trade-offs. Security 4801(7), 375-390 (2007)
10. Firesmith, D.: Engineering safety and security related requirements for software intensive systems. In: Software Engineering - Companion. ICSE 2007 Companion. 29th International Conference on. p. 169. IEEE Computer Society (2007)
11. Jürjens, J.: Secure systems development with UML. Springer (2005)
12. Khan, N. H., Ahmed, N., Matulevičius, R.: Security Risk Oriented Patterns. Tech. rep., University of Tartu, Department of Computer Sciences (04 2012), http://www.cs.ut.ee/-naved/Security Risk Oriented Patterns.pdf
13. Paja, E., Giorgini, P., Paul, S., Meland, P. H.: Security requirements engineering for business processes. In: Perspectives in Business Informatics Research, Riga, Latvia. pp. 163-170. Riga Technical University (2011)
14. Pavlovski, C. J., Zou, J.: Non-functional requirements in business process modeling. In: Proceedings of the 5th Asia-Pacific conf. on Conceptual Modelling. pp. 103-112. APCCM, Australian Computer Society, Inc. (2008)
15. Rodríguez, A., Fernández-Medina, E., Piattini, M.: A bpmn extension for the modeling of security requirements in business processes. IEICE - Trans. Inf. Syst. 90-D(4), 745-752 (2007)
16. Röhrig, S., Knorr, K.: Security analysis of electronic business processes. Electronic Commerce Research 4(1-2), 59-81 (2004)
17. Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering (2006)
18. Tsipenyuk, K., Chess, B., McGraw, G.: Seven pernicious kingdoms: A taxonomy of software security errors. IEEE Security & Privacy 3(6), 81-84 (2005)