Improvement of IT-Security in Enterprises based on Process Analysis and Risk Patterns
The importance of introducing security engineering practices early in the development cycle has been acknowledged; however, it has been overlooked in business processes. The recent approach for security requirements elicitation from business processes (SREBP) supports identification of the complete set of security requirements in an efficient way. This contributes to improved IT security in enterprises and to secured enterprise architectures. The main goal is to transfer this approach to the practice of small and medium-sized enterprises (SME) and to incorporate it into the enterprise architecture development cycle, creating a set of guidelines. Real-world application cases will be used to illustrate its usefulness and completeness for engineering security requirements. The sub-goals include:
- systematic revision of the SREBP approach and transfer of the SREBP method knowledge from Tartu to Rostock and Riga
- alignment of the SREBP approach to the enterprise architecture development process, in particular in SME
- empirical validation of the proposed alignment and proof of concept within real-world settings.
This project of the Baltic-German University Liaison Office is supported by the German Academic Exchange Service (DAAD) with funds from the Foreign Office of the Federal Republic of Germany.