WSEAS Transactions on Information Science and Applications


Print ISSN: 1790-0832
E-ISSN: 2224-3402

Volume 14, 2017




Risk Management in the context of Information Security: a Model-Driven approach

AUTHORS: Anacleto Correia, António Gonçalves, M. Filomena Teodoro


ABSTRACT: Information security is concerned with the requirements of availability, integrity, and confidentiality of information assets, which are fundamental to the long-term survival of an organization. Information security relies on risk management for the identification, evaluation and treatment of security risks, according to ISO 31000. The methodologies supporting information security implementation, such as the ones based on the ISO 27000 set of standards, are holistic approaches that deal with corporate systems as well as an extended network that includes business partners, vendors, customers and other stakeholders. This paper uses the model-driven approach for addressing the conception and design of information security systems, deemed to be compliant with the ISO/IEC 27000 and the ISO 31000 sets of standards. A domain-level model (computation independent model, CIM) based on the information security and risk management vocabulary present in the standards was built. This CIM serves as a meta-model for platform independent models of information security systems compliant with the information security and risk management standards. The model is the baseline for conceiving, implementing and testing actual information security systems, allowing users from different organizational, functional, and technical levels to use a common language when embedding information security and risk management in their processes.

KEYWORDS: information security, risk management, model-driven architecture, MDA

REFERENCES:

[1] ISO/IEC 31010:2009, Risk management – Risk assessment techniques, 2009.

[2] A. Calder and S. Watkins, IT Governance: An International Guide to Data Security and ISO27001/ISO27002, Kogan Page, 2015.

[3] ISO/IEC 27001:2013, Information security management systems, 2013.

[4] OMG, Object Management Group, MDA Guide Version 1.0.1, 2003.

[5] O. Pastor and J. Molina, Model-Driven Architecture in Practice : A Software Production Environment Based on Conceptual Modeling, Springer-Verlag Berlin and Heidelberg GmbH & Co., 2010.

[6] T. Mens and P. Van Gorp, “A Taxonomy of Model Transformation,” Electronic Notes in Theoretical Computer Science, vol. 152, 2006, pp. 125-142; DOI http://dx.doi.org/10.1016/j.entcs.2005.10.021

[7] A. Correia, “Quality of Process Modeling Using BPMN: A Model-Driven Approach”, PhD Thesis, UNL-FCT, 2014.

[8] A. Correia and F. Brito e Abreu, “Adding preciseness to BPMN models,” Procedia Technology, vol. 5, 2012, pp. 407-417.

[9] A. Correia and F. Brito e Abreu, “Model-driven service level management,” Proc. IFIP International Conference on Autonomous Infrastructure, Management and Security, Springer Berlin Heidelberg, 2010, pp. 85-88.

[10] D. Gašević, et al., Model Driven Architecture and Ontology Development, Springer Science & Business Media, 2006.

[11] S. Burmester, et al., “Model-Driven Development of Reconfigurable Mechatronic Systems with Mechatronic, UML,” Model Driven Architecture: European MDA Workshops: Foundations and Applications, MDAFA 2003 and MDAFA 2004, Twente, The Netherlands, June 26-27, 2003 and Linköping, Sweden, June 10-11, 2004. Revised Selected Papers, U. Aßmann, et al., eds., Springer Berlin Heidelberg, 2005, pp. 47-61.

[12] OMG, Object Management Group, “UML - Unified Modeling Language Version 2.5,” 2015.

[13] B. Blakley, et al., “Information security is information risk management,” ACM, 2001, pp. 97-104.

[14] ISO/IEC 27005:2011, Information technology - Security techniques - Information security risk management, 2011.

[15] OMG, The Object Management Group, “Object Constraint Language (OCL), Version 2.0,” OMG Available Specification, document formal/06-05-01, 2006.

[16] M. Gogolla, et al., “System modeling with USE (UML-based Specification Environment),” Genie Logiciel, no. 85, 2008, pp. 57-58.

WSEAS Transactions on Information Science and Applications, ISSN / E-ISSN: 1790-0832 / 2224-3402, Volume 14, 2017, Art. #2, pp. 10-16


Copyright © 2017 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0
