E-BUSINESS SECURITY DESIGN USING PROCESS SECURITY REQUIREMENTS SEPTET

S. Nachtigal

2007

Abstract

In the e-business environment, the traditional business models for information systems security are no longer appropriate, and fit neither the new organisational environment nor the new organisational security needs. Existing security tools and mechanisms, developed upon the traditional perimeter security paradigm, and based on hardware and software products, are not sufficient since they do not relate to specific parameters that characterise the business process. The modern business environment needs a different security approach. Based on such a new approach, the e-process security design paradigm, a methodology to provide security for an e-business organisation is presented here. The methodology makes use of the newly introduced security requirements septet for the e-business process.



Paper Citation


in Harvard Style

Nachtigal S. (2007). E-BUSINESS SECURITY DESIGN USING PROCESS SECURITY REQUIREMENTS SEPTET. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 408-413. DOI: 10.5220/0002128304080413


in Bibtex Style

@conference{secrypt07,
author={S. Nachtigal},
title={E-BUSINESS SECURITY DESIGN USING PROCESS SECURITY REQUIREMENTS SEPTET},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={408-413},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002128304080413},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - E-BUSINESS SECURITY DESIGN USING PROCESS SECURITY REQUIREMENTS SEPTET
SN - 978-989-8111-12-8
AU - Nachtigal S.
PY - 2007
SP - 408
EP - 413
DO - 10.5220/0002128304080413