Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development

Book chapter


Matulevicius, Raimundas, Mayer, Nicolas, Mouratidis, Haralambos, Dubois, Eric, Heymans, Patrick and Genon, Nicolas 2008. Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development. in: Bellahsène, Zohra and Léonard, Michel (ed.) Advanced Information Systems Engineering: 20th International Conference, CAiSE 2008 Montpellier, France, June 18-20, 2008, Proceedings Springer.
Authors: Matulevicius, Raimundas, Mayer, Nicolas, Mouratidis, Haralambos, Dubois, Eric, Heymans, Patrick and Genon, Nicolas
Editors: Bellahsène, Zohra and Léonard, Michel
Abstract

Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively communicating risk-related information. However, we think that current languages can be improved in this respect. In this paper, we discuss this issue for Secure Tropos, the language supporting the eponymous agent-based IS development. We analyse it and suggest improvements in the light of an existing reference model for IS security risk management. This allows for checking Secure Tropos concepts and terminology against those of current risk management standards, thereby improving the conceptual appropriateness of the language. The paper follows a running example, called eSAP, located in the healthcare domain.

Keywords: risk management; information system security
Book title: Advanced Information Systems Engineering: 20th International Conference, CAiSE 2008 Montpellier, France, June 18-20, 2008, Proceedings
Year: 2008
Publisher: Springer
Publication dates
Print: 2008
Publication process dates
Deposited: 18 Jan 2010
Series: Lecture Notes in Computer Science
Event: 20th International Conference, CAiSE 2008
ISBN: 978-3-540-69533-2, 978-3-540-69534-9
ISSN: 0302-9743
Digital Object Identifier (DOI): doi:10.1007/978-3-540-69534-9_40
Web address (URL): http://hdl.handle.net/10552/493
Copyright information: © Springer-Verlag Berlin Heidelberg 2008
Additional information

Citation:
Matulevicius, R. et al. (2008) ‘Adapting Secure Tropos for Security Risk Management during Early Phases of the Information Systems Development’ In: Dubois, E; Pohl, K. (Eds) CAiSE 2008, LNCS 5074 pp 541-555.

Accepted author manuscript
License: CC BY-ND
Permalink: https://repository.uel.ac.uk/item/865v4
