Modelling security during early requirements: contributions to and usage of a domain model for information system security risk management

Student thesis: Master types - Master in Computer science

Abstract

Security has become one of the most important concerns when designing Information Systems (IS). Faced with the increasing number of aspects of our lives that rely on network communication and computerized processes, and with the exploding number of Internet attacks, industries have to protect their assets against such risks. Even though the need for practical approaches to ensure that security objectives are guaranteed is obvious, practitioners seem to struggle to address it. The reason is certainly that they are faced with hundreds of security standards, frameworks and methods. Each of them focuses on different aspects of security and uses different terminology, leading to a lack of consensus among practitioners. This lack of consensus and of approaches to ensure security in IS motivates researchers to enrich current Security Risk Management (SRM) approaches and, at the same time, to investigate new methods to manage security in systems. This thesis falls within the scope of N. Mayer's work, which investigates IS Security Risk Management (ISSRM). First, it contributes to the elaboration of the ISSRM domain model by completing it with relationships between its concepts. Secondly, it proposes enhancements to the ISSRM domain model based on results obtained from its alignment with security modelling languages. Finally, it suggests how to improve these security modelling languages so that they support all the concepts of the ISSRM domain model.

Date of Award: 2007
Original language: English
Supervisor: Patrick HEYMANS (Supervisor)

Keywords

  • security risk management
  • ISSRM domain model
  • KAOS
  • secure TROPOS
  • concepts alignment
