Design of a Modelling Language for Information System Security Risk Management

Nicolas Mayer, Patrick Heymans, Raimundas Matulevicius

Research output: Contribution to a book / catalogue / report / conference proceedings: Paper in conference or colloquium proceedings


Nowadays, security has become one of the most demanded characteristics of information systems. However, the ways to address information systems security still lack consensus and integration. On the one hand, researchers have extended various modelling languages and methods with security-oriented constructs in order to take security concerns into account throughout the development lifecycle. On the other hand, practitioners have developed risk management methods to help estimate the relative importance of security risks and the cost-effectiveness of solutions to tackle them. They are mainly driven by security standards that help practitioners assess and improve the security level of their organisations. Obviously, those two families of approaches should be unified so as to maximise the return on investment of implementing security requirements, and thereby align business and information technology concerns related to security. This is the challenge that our research aims to address. This paper presents a research agenda and describes the first steps that were undertaken to achieve it: an alignment of the terminology in the risk management literature and the elaboration of a conceptual model of the risk management domain. Those results will then be inputs for the next phases, which aim to integrate security and risk management concepts in information system development methods.
Original language: English
Title: First IEEE International Conference on Research Challenges in Information Science (RCIS'07)
Editors: Colette Roll, Oscar Pastor, Abdelfdil Bennani, André Flory
Place of publication: Ouarzazate
Publisher: IEEE Computer Society Press
Publication status: Published - 2007

