{"title":"信息系统安全工程(ESIS)流程:业务流程的形式主义","authors":"Wilson Goudalo, D. Seret","doi":"10.1109/SECURWARE.2009.24","DOIUrl":null,"url":null,"abstract":"Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define Engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of Security know-how into UML profiles, we focus this work on the presentation of the Process of Engineering of Security into the formalism of Business Processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineering of Security of Information Systems using the foundations and models of Information Systems Engineering.","PeriodicalId":382947,"journal":{"name":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes\",\"authors\":\"Wilson Goudalo, D. Seret\",\"doi\":\"10.1109/SECURWARE.2009.24\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define Engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of Security know-how into UML profiles, we focus this work on the presentation of the Process of Engineering of Security into the formalism of Business Processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineering of Security of Information Systems using the foundations and models of Information Systems Engineering.\",\"PeriodicalId\":382947,\"journal\":{\"name\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Third International Conference on Emerging Security Information, Systems and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SECURWARE.2009.24\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Third International Conference on Emerging Security Information, Systems and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SECURWARE.2009.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes
Companies and organizations are faced with quite a tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define Engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their eco-system in order to meet the stakes of companies. After our article focused on the encapsulation of Security know-how into UML profiles, we focus this work on the presentation of the Process of Engineering of Security into the formalism of Business Processes. The main idea is to succeed the adherence, of all stakeholders of the enterprise, into the security problem. To meet these pragmatic and actual needs of companies and organizations, we would suggest an approach to engineering of security, firstly, based on the standards and good practices of security and, secondly, inspired from the best practices and feedback of advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of Security of Information Systems into the formalism of business process, and presents the concepts of engineering of Security of Information Systems using the foundations and models of Information Systems Engineering.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
