Design of a Modelling Language for Information System Security Risk Management

Nicolas Mayer, Patrick Heymans, Raimundas Matulevicius

Research output: Contribution in Book/Catalog/Report/Conference proceedingConference contribution


Nowadays, security has become one of the most demanded characteristics of information systems. However, the ways to address information systems security still lack consensus and integration. On the one hand, researchers have extended various modelling languages and methods with security-oriented constructs in order to take security concerns into account throughout the development lifecycle. On the other hand, practitioners have developed risk management methods to help estimate the relative importance of security risks and the cost-effectiveness of solutions to tackle them. They are mainly driven by security standards that help practitioners assess and improve the security level of their organisations. Obviously, those two families of approaches should be unified so as to maximise the return on investment of implementing security requirements, and thereby align business and information technology concerns related to security. This is the challenge that our research aims to address. This paper presents a research agenda and describes the first steps that were undertaken to achieve it: an alignment of the terminology in the risk management literature and the elaboration of a conceptual model of the risk management domain. Those results will then be inputs for the next phases, which aim to integrate security and risk management concepts in information system development methods.
Original languageEnglish
Title of host publicationFirst IEEE International Conference on Research Challenges in Information Science (RCIS'07)
EditorsColette Roll, Oscar Pastor, Abdelfdil Bennani, André Flory
Place of PublicationOuarzazate
PublisherIEEE Computer Society Press
Publication statusPublished - 2007


  • Conceptual modelling
  • Standards
  • Security
  • Requirements Engineering
  • Risk Management


Dive into the research topics of 'Design of a Modelling Language for Information System Security Risk Management'. Together they form a unique fingerprint.

Cite this