The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes

2 Author(s)
Goudalo, W. ; Res. Center in Inf. of Paris CRIP5, Paris Descartes Univ., Paris, France ; Seret, D.

Companies and organizations face tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, within their ecosystem, in order to meet the stakes of companies. After our article focused on the encapsulation of security know-how into UML profiles, we focus this work on the presentation of the process of engineering of security in the formalism of business processes. The main idea is to win the adherence of all stakeholders of the enterprise to the security problem. To meet these pragmatic and actual needs of companies and organizations, we suggest an approach to engineering of security that is, firstly, based on the standards and good practices of security and, secondly, inspired by the best practices and feedback from advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of security of information systems into the formalism of business processes, and presents the concepts of engineering of security of information systems using the foundations and models of information systems engineering.

Published in:

Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on

Date of Conference:

18-23 June 2009