
Components of a multi-perspective modeling method for designing and managing IT security systems

Author

  • Anat Goldstein (Ben-Gurion University of the Negev)
  • Ulrich Frank (University of Duisburg-Essen)

Abstract

Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today’s highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.

Suggested Citation

  • Anat Goldstein & Ulrich Frank, 2016. "Components of a multi-perspective modeling method for designing and managing IT security systems," Information Systems and e-Business Management, Springer, vol. 14(1), pages 101-140, February.
  • Handle: RePEc:spr:infsem:v:14:y:2016:i:1:d:10.1007_s10257-015-0276-5
    DOI: 10.1007/s10257-015-0276-5

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10257-015-0276-5
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.


    References listed on IDEAS

    1. Frank, Ulrich & Strecker, Stefan, 2009. "Beyond ERP systems: An outline of self-referential enterprise systems. Requirements, conceptual foundation and design options," ICB Research Reports 31, University Duisburg-Essen, Institute for Computer Science and Business Information Systems (ICB).
    2. Marc Lankhorst, 2005. "Enterprise Architecture at Work," Springer Books, Springer, number 978-3-540-27505-3, September.
    3. Frank, Ulrich, 2010. "Outline of a method for designing domain-specific modelling languages," ICB Research Reports 42, University Duisburg-Essen, Institute for Computer Science and Business Information Systems (ICB).
    4. Adam J. Hatfield & Keith W. Hipel, 2002. "Risk and Systems Theory," Risk Analysis, John Wiley & Sons, vol. 22(6), pages 1043-1057, December.
    5. Ulrich Frank, 2014. "Multilevel Modeling," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 6(6), pages 319-337, December.

    Citations


    Cited by:

    1. S. Subashanthini & M. Pounambal, 2020. "Three stage hybrid encryption of cloud data with penta-layer security for online business users," Information Systems and e-Business Management, Springer, vol. 18(3), pages 379-404, September.
    2. Oliver Thomas & Simon Hagen & Ulrich Frank & Jan Recker & Lauri Wessel & Friedemann Kammler & Novica Zarvic & Ingo Timm, 2020. "Global Crises and the Role of BISE," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 62(4), pages 385-396, August.
    3. Anat Goldstein & Thomas Johanndeiter & Ulrich Frank, 2019. "Business process runtime models: towards bridging the gap between design, enactment, and evaluation of business processes," Information Systems and e-Business Management, Springer, vol. 17(1), pages 27-64, March.
    4. Martin (Dae Youp) Kang & Anat Hovav, 2020. "Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation," Information Systems Frontiers, Springer, vol. 22(1), pages 221-242, February.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Martin, Andrew & Dmitriev, Dmitry & Akeroyd, John, 2010. "A resurgence of interest in Information Architecture," International Journal of Information Management, Elsevier, vol. 30(1), pages 6-12.
    2. Heise, David & Strecker, Stefan & Frank, Ulrich, 2014. "ControlML: A domain-specific modeling language in support of assessing internal controls and the internal control system," International Journal of Accounting Information Systems, Elsevier, vol. 15(3), pages 224-245.
    3. Małgorzata Pankowska, 2012. "Corporate architecture evaluation methods (Metody oceny architektur korporacyjnych)," Problemy Zarzadzania, University of Warsaw, Faculty of Management, vol. 10(38), pages 167-183.
    4. Stefan Strecker & David Heise & Ulrich Frank, 2011. "RiskM: A multi-perspective modeling method for IT risk assessment," Information Systems Frontiers, Springer, vol. 13(4), pages 595-611, September.
    5. Ulrich Frank & Stefan Strecker & Peter Fettke & Jan Brocke & Jörg Becker & Elmar Sinz, 2014. "The Research Field “Modeling Business Information Systems”," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 6(1), pages 39-43, February.
    6. Emmanouil Ntanos & Gerasimos Dimitriou & Vassilis Bekiaris & Charalampos Vassiliou & Kostas Kalaboukas & Dimitris Askounis, 2018. "A model-driven software engineering workflow and tool architecture for servitised manufacturing," Information Systems and e-Business Management, Springer, vol. 16(3), pages 683-720, August.
    7. Kristina Rosenthal & Benjamin Ternes & Stefan Strecker, 2021. "Business Process Simulation on Procedural Graphical Process Models," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 63(5), pages 569-602, October.
    8. Pinto Claudio Jose & Anunciacao Pedro Fernandes, 2020. "European Seaports Information Systems. The Impacts of Directive 2010/65/EU," Economics and Culture, Sciendo, vol. 17(2), pages 38-49, December.
    9. Michele Bristow & Liping Fang & Keith W. Hipel, 2012. "System of Systems Engineering and Risk Management of Extreme Events: Concepts and Case Study," Risk Analysis, John Wiley & Sons, vol. 32(11), pages 1935-1955, November.
    10. Jesus Palomo & David Rios Insua & Fabrizio Ruggeri, 2007. "Modeling External Risks in Project Management," Risk Analysis, John Wiley & Sons, vol. 27(4), pages 961-978, August.
    11. Christof Gellweiler, 2020. "Connecting Enterprise Architecture and Project Portfolio Management: A Review and a Model for IT Project Alignment," International Journal of Information Technology Project Management (IJITPM), IGI Global, vol. 11(1), pages 99-114, January.
    12. Ralph Foorthuis & Marlies Steenbergen & Sjaak Brinkkemper & Wiel A. G. Bruls, 2016. "A theory building study of enterprise architecture practices and benefits," Information Systems Frontiers, Springer, vol. 18(3), pages 541-564, June.
    13. Stephan Aier & Tobias Bucher & Robert Winter, 2011. "Critical Success Factors of Service Orientation in Information Systems Engineering," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 3(2), pages 77-88, April.
    14. Kichan Nam & Seung Woon Oh & Sung Kun Kim & Jahyun Goo & M. Sajid Khan, 2016. "Dynamics of Enterprise Architecture in the Korean Public Sector: Transformational Change vs. Transactional Change," Sustainability, MDPI, vol. 8(11), pages 1-18, October.
    15. Mårten Simonsson & Pontus Johnson & Mathias Ekstedt & Waldo Rocha Flores, 2011. "It Governance Decision Support Using The It Organization Modeling And Assesment Tool," International Journal of Innovation and Technology Management (IJITM), World Scientific Publishing Co. Pte. Ltd., vol. 8(02), pages 167-189.
    16. Florian Johannsen & Hans-Georg Fill, 2017. "Meta Modeling for Business Process Improvement," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 59(4), pages 251-275, August.
    17. Al Akbari, Salah, 2013. "Proposing Architecture and Process Governance for Risk Mitigation in Organizational Change : a Case Study of the Flight Test and Development Centre (FTC), A Division of the UAE Armed Forces," Economics Thesis from University Paris Dauphine, Paris Dauphine University, number 123456789/12334 edited by Poix, Michel.
    18. Nikos Macheridis & Johan Dergård, 2020. "Dealing With Accountability in Project Selection," International Journal of Information Technology Project Management (IJITPM), IGI Global, vol. 11(1), pages 1-16, January.
    19. K N Papamichail & G Alves & S French & J B Yang & R Snowdon, 2007. "Facilitation practices in decision workshops," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 58(5), pages 614-632, May.
    20. Ian Beeson & Stewart Green & Richard Kamm, 2013. "Comparative process architectures in two higher education institutions," International Journal of Organisational Design and Engineering, Inderscience Enterprises Ltd, vol. 3(1), pages 35-66.
