
Enhancement of a Business Model with a Business Contextual Risk Model

  • Conference paper
  • Risks and Security of Internet and Systems (CRiSIS 2020)
  • Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12528)

Abstract

In this paper, we propose an approach based on a security risk-driven contextual model for software systems development. The approach is model-driven, using the enterprise business architecture as the basis for defining the contextual models and associating security risk concerns with them. Enterprise Architecture (EA) enables the description of an organisation's structure, its business and its underlying Information System. Using a Model-Driven Engineering (MDE) approach such as Model-Driven Architecture (MDA), we define an architecture for models and provide a set of guidelines for structuring specifications expressed as EA contextual models. These models are then enhanced to integrate security aspects into the overall development process. The proposal aims to analyse enterprise security from a business-oriented view and to define security requirements that are inherited by the lower architectures, particularly the IS architecture. The approach provides a meta-model of business contextual risk together with a security management process, consisting of a systematic method that guides risk modelling and the choice of risk treatment strategies.



Author information

Correspondence to Zakariya Kamagaté .


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Kamagaté, Z., Simonin, J., Kermarrec, Y. (2021). Enhancement of a Business Model with a Business Contextual Risk Model. In: Garcia-Alfaro, J., Leneutre, J., Cuppens, N., Yaich, R. (eds) Risks and Security of Internet and Systems. CRiSIS 2020. Lecture Notes in Computer Science, vol 12528. Springer, Cham. https://doi.org/10.1007/978-3-030-68887-5_20

  • DOI: https://doi.org/10.1007/978-3-030-68887-5_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-68886-8

  • Online ISBN: 978-3-030-68887-5

  • eBook Packages: Computer Science, Computer Science (R0)