SECURWARE 2011, The Fifth International Conference on Emerging Security Information, Systems and Technologies
Toward Engineering of Security of Information Systems: The Security Acts
Authors:
Wilson Goudalo
Keywords: security acts; security engineering; BPM; enterprise information system security.
Abstract:
Business professionals and researchers have made considerable efforts and achieved significant technical breakthroughs in information security in the last decades. Nevertheless, companies and organizations continue to incur losses associated with security issues. In order to remedy this situation, we propose a new approach to information security engineering for companies and organizations. First, this approach is based on the standards and good practices of security; second, it is inspired by the best practices and feedback from advances in the engineering of enterprise information systems security; and third, its design takes advantage of more than twelve years of experience in system architecture and information security for renowned banks and financial institutions.
Our approach to engineering of information systems security aims at:
- reducing losses relating to security issues in companies and organizations, operating on an enhanced and sustained information security;
- improving the reliability of processes in companies and organizations, and assisting companies in legal and regulatory compliance efforts, operating on security indicators and checkpoints at various levels of management;
- helping companies gain competitive advantages through their security management solutions, operating on a global security monitoring system with feedback.
As a further development of the basic principle of Security know-how Encapsulation into UML profiles [14], we have introduced a global picture of the mapping of the Process of Security engineering into the formalism of Business Processes. The purpose of this paper is to provide a clear methodology based on the elaboration of the key Security Acts of the process of information systems security engineering. The paper consists of three major parts:
- Part One recalls the reasons why BPM has been chosen for our process of system information security.
- Part Two develops the key security acts of the process of information systems security engineering.
- Part Three shows some security metrics to illustrate the aims of our work.
Pages: 44 to 50
Copyright: Copyright (c) IARIA, 2011
Publication date: August 21, 2011
Published in: conference
ISSN: 2162-2116
ISBN: 978-1-61208-146-5
Location: Nice/Saint Laurent du Var, France
Dates: from August 21, 2011 to August 27, 2011