Abstract [eng]
The aim of this work is to create a method for business process modeling and IS requirements specification that includes a security assessment. For this purpose, a three-level organizational security model was built that assesses the organization's objectives, management structure and business processes. The paper analyzes the security requirements engineering process associated with business modeling and application management at the organization level. The system security standards ISO/IEC 17799 and ISO/IEC 13335, which cover the essential safety aspects, were analyzed. A business model was developed using BPMN. IS security requirements specification techniques and models, the i* framework and misuse cases, were analyzed, and an analysis of trade-offs was made. The security requirements modeling methods selected were misuse cases, the goal model and BPMN, which include key performance functions and allow the business to be linked with a possible misuse case model. Based on MoDAF models, a developed business model was created. Using UML Use Case diagrams, which specify information system security requirements, an IS model for potential misuse cases was designed. A MagicDraw profile and plug-in package was created to help the analyst and designer ensure the security of the IS. The operating conditions and the simulation method were tested on the requirements specification of UAB „Piramidė LT“, which includes the security requirements.