Risk-aware decision support with constrained goal models. (8th October 2018)
- Record Type:
- Journal Article
- Title:
- Risk-aware decision support with constrained goal models. (8th October 2018)
- Main Title:
- Risk-aware decision support with constrained goal models
- Authors:
- Argyropoulos, Nikolaos
Angelopoulos, Konstantinos
Mouratidis, Haralambos
Fish, Andrew - Abstract:
- Abstract : Purpose: The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system's design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable. Design/methodology/approach: Secure Tropos is a well-established security requirements engineering methodology, but it has no concepts of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods, by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complimented by a systematic risk assessment process during a system's design time and supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints, via constrained goal models. Findings: As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check if alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for multipleAbstract : Purpose: The selection of security configurations for complex information systems is a cumbersome process. Decision-making regarding the choice of security countermeasures has to take into consideration a multitude of, often conflicting, functional and non-functional system goals. Therefore, a structured method to support crucial security decisions during a system's design that can take account of risk whilst providing feedback on the optimal decisions within specific scenarios would be valuable. Design/methodology/approach: Secure Tropos is a well-established security requirements engineering methodology, but it has no concepts of Risk, whilst Constrained Goal Models are an existing method to support relevant automated reasoning tasks. Hence we bridge these methods, by extending Secure Tropos to incorporate the concept of Risk, so that the elicitation and analysis of security requirements can be complimented by a systematic risk assessment process during a system's design time and supporting the reasoning regarding the selection of optimal security configurations with respect to multiple system objectives and constraints, via constrained goal models. Findings: As a means of conceptual evaluation, to give an idea of the applicability of the approach and to check if alterations may be desirable, a case study of its application to an e-government information system is presented. The proposed approach is able to generate security mechanism configurations for multiple optimisation scenarios that are provided, whilst there are limitations in terms of a natural trade-off of information levels of risk assessment that are required to be elicited. Originality/value: The proposed approach adds additional value via its flexibility in permitting the consideration of different optimisation scenarios by prioritising different system goals and the automated reasoning support. … (more)
- Is Part Of:
- Information and computer security. Volume 26:Number 4(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 4(2018)
- Issue Display:
- Volume 26, Issue 4 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 4
- Issue Sort Value:
- 2018-0026-0004-0000
- Page Start:
- 472
- Page End:
- 490
- Publication Date:
- 2018-10-08
- Subjects:
- Decision making -- Information security -- Constraint goal models -- Secure Tropos -- Security requirements
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-01-2018-0010 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8619.xml