This work demonstrates the practical application of the information security integral engineering technique to the problem of standards analysis and refinement. The application is exemplified by the development and analysis of an object model of the ISMS standards (ISO/IEC 27000 series) dictionary. A standards refinement process is described, consisting of model development followed by modification of the model and of the standards. The research revealed weaknesses related to the "Asset", "Risk management", "Information security policy" and "Certification document" concepts, and proposals for eliminating them were formulated. The paper shows that semiformal modeling techniques can be applied successfully and used efficiently to analyze and amend international standards.