Securing Airline-Turnaround Processes Using Security Risk-Oriented Patterns
1 University of Tartu, Tartu, Estonia
2 Tallinn University of Technology, Tallinn, Estonia
Abstract. Security risk management is an important part of system development. Given that a majority of modern organisations rely heavily on information systems, security plays a big part in ensuring smooth operations of business processes. For example, many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems have unwanted effects on an organisation’s reputation and on people’s lives. In this case study research paper, we target the secure system development problem by suggesting the application of security risk-oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the effort needed for risk analysis. These security risk-oriented patterns are applied to business processes from an aviation-turnaround system. In this paper, we report our experience in deriving security requirements to mitigate security risks in distributed systems.
© IFIP International Federation for Information Processing 2016. Published by Springer International Publishing Switzerland 2016. All Rights Reserved. J. Horkoff et al. (Eds.): PoEM 2016, LNBIP 267, pp. 209–224, 2016. DOI: 10.1007/978-3-319-48393-1_15. S. Samarütel et al.

1 Introduction

Security is a very important software quality: the ability to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction [3]. Modern organisations rely heavily on information systems, and security is essential for ensuring smooth operations of business processes. For example, the socio-technically rich airline industry is experiencing a quick and holistic penetration by information technology [5]. A socio-technical system is a complex organizational work design in which people solve problems at their workplaces by means of rather sophisticated technology. This trend leads to many new risks and security issues associated with civil aviation, resulting in the worst cases in catastrophic airline crashes. Communication is another critical security issue, e.g., a deliberate jamming of automatic dependent surveillance-broadcast (ADS-B) systems [9], a surveillance technology to determine an aircraft position. Furthermore, the recognition arises that the aviation industry is rapidly turning into a cyber-physical system (CPS) [18] that poses additional novel risks and security issues. Briefly, a CPS [4] is a system composed of physical entities that are controlled or monitored by computer-based algorithms. The initial approach to studying airport-related security is rather technical, while recent work recognises that this is a socio-technical system [10]. In [11], the authors recognize