The Governance, Risk, and Compliance (GRC) management process for information security is a necessity for any software system in which important information is collected, processed, and used. Many standards for security management at the operational level exist (e.g., ITIL, the ISO 27000 family). What is often missing is a process to govern security at the organizational level. In this tutorial, we present a method to analyze and design security controls that captures the organizational setting of the system and in which business goals and processes are first-class citizens. SI*-GRC is a comprehensive method composed of (i) a modeling framework based on a requirements engineering framework, extended with security and GRC concerns such as trust, permission, risk, and treatment; (ii) an analysis process defining systematic steps for analyzing and designing security controls; (iii) analytical techniques to verify that certain security properties are satisfied and that the risk level is acceptable; and (iv) a CASE tool, the SI* Tool, that supports analysts in applying the method. To illustrate the method, we use a running example from e-Health adapted from a real-life process at a partner hospital.
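The following is an added illustration, not code from the SI* Tool and not the tutorial's own formal semantics. It assumes a deliberately simplified model of the concepts the abstract names: a resource with an owning actor, delegation of permission between actors, direct (non-transitive) trust relations, and a risk level computed as likelihood times impact, reduced by treatments that scale the likelihood. On that model it runs two of the kinds of check the abstract alludes to: that every permission is backed by trust and held only by actors whose goals need it, and that residual risk after treatment stays within an acceptable level. All actors, resources, events and figures are constructed for the example and do not come from the hospital process.

```python
from dataclasses import dataclass


# ---- Model elements (simplified; not the SI* metamodel itself) ----

@dataclass(frozen=True)
class Delegation:
    """src hands dst permission to use resource."""
    src: str
    dst: str
    resource: str


@dataclass(frozen=True)
class Trust:
    """truster trusts trustee to use resource properly."""
    truster: str
    trustee: str
    resource: str


@dataclass(frozen=True)
class Risk:
    goal: str
    event: str
    likelihood: float   # 0..1
    impact: float       # severity on an arbitrary scale


@dataclass(frozen=True)
class Treatment:
    event: str
    likelihood_factor: float  # residual likelihood = likelihood * factor


def permission_holders(owner, resource, delegations, trusts):
    """Actors holding permission on `resource`: the owner plus everyone reachable
    from it through delegations. Delegations not backed by a matching trust
    relation still transfer the permission but are reported as untrusted."""
    holders = {owner}
    frontier = [owner]
    untrusted = []
    while frontier:
        actor = frontier.pop()
        for d in delegations:
            if d.src != actor or d.resource != resource:
                continue
            if Trust(d.src, d.dst, resource) not in trusts:
                untrusted.append(d)
            if d.dst not in holders:
                holders.add(d.dst)
                frontier.append(d.dst)
    return holders, untrusted


def check_permissions(owners, delegations, trusts, needs):
    """owners: resource -> owning actor; needs: actor -> resources its goals
    require. Returns a sorted list of human-readable violations."""
    violations = []
    for resource, owner in owners.items():
        holders, untrusted = permission_holders(owner, resource, delegations, trusts)
        for d in untrusted:
            violations.append(f"{d.src} delegates {resource} to {d.dst} without trust")
        for actor, required in needs.items():
            if resource in required and actor not in holders:
                violations.append(f"{actor} needs {resource} but holds no permission")
        for actor in holders - {owner}:          # owner holds it by ownership
            if resource not in needs.get(actor, set()):
                violations.append(f"{actor} holds {resource} without needing it")
    return sorted(violations)


def residual_risks(risks, treatments):
    """Risk level per (goal, event) after every treatment targeting the event."""
    result = {}
    for r in risks:
        factor = 1.0
        for t in treatments:
            if t.event == r.event:
                factor *= t.likelihood_factor
        result[(r.goal, r.event)] = r.likelihood * factor * r.impact
    return result


def unacceptable_risks(risks, treatments, acceptable_level):
    levels = residual_risks(risks, treatments)
    return sorted(k for k, v in levels.items() if v > acceptable_level)


# ---- Constructed e-Health example (hypothetical actors and figures) ----
OWNERS = {"patient_record": "Hospital"}
DELEGATIONS = {
    Delegation("Hospital", "Doctor", "patient_record"),
    Delegation("Doctor", "Nurse", "patient_record"),
    Delegation("Doctor", "Researcher", "patient_record"),  # no trust backs this hop
}
TRUSTS = {
    Trust("Hospital", "Doctor", "patient_record"),
    Trust("Doctor", "Nurse", "patient_record"),
}
NEEDS = {
    "Doctor": {"patient_record"},
    "Nurse": {"patient_record"},
    "Pharmacist": {"patient_record"},  # needs it, but nobody delegated it
    "Researcher": set(),               # holds it, but no goal requires it
}
RISKS = [
    Risk("treat patient", "record disclosed", 0.3, 8.0),
    Risk("treat patient", "record unavailable", 0.2, 9.0),
    Risk("treat patient", "record altered", 0.4, 7.0),
]
TREATMENTS = [
    Treatment("record disclosed", 0.5),  # access logging plus role-based access
    Treatment("record altered", 0.9),    # peer review of edits: a weak control
]
ACCEPTABLE_LEVEL = 2.0

if __name__ == "__main__":
    for v in check_permissions(OWNERS, DELEGATIONS, TRUSTS, NEEDS):
        print("permission violation:", v)
    for goal, event in unacceptable_risks(RISKS, TREATMENTS, ACCEPTABLE_LEVEL):
        print(f"residual risk too high for goal '{goal}': {event}")
```

Run stand-alone, the block flags the untrusted delegation to the Researcher, the Pharmacist who lacks a permission its goals require, the Researcher who holds one without needing it, and the "record altered" event whose treatment leaves the risk above the acceptable level. In the real method these checks are performed over the full SI* model by the tool; here they are spelled out to make the shape of the verification visible.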