Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reviewed by Fahad Al Ruwaili Copyright © 2009, Fahad F. AlRuwaili. This work may be copied under conditions set forth in the Creative Commons Attribution-NonCommercial.

Published byTerence Golden Modified over 8 years ago

Similar presentations

Presentation on theme: "Reviewed by Fahad Al Ruwaili Copyright © 2009, Fahad F. AlRuwaili. This work may be copied under conditions set forth in the Creative Commons Attribution-NonCommercial."— Presentation transcript:

1 Reviewed by Fahad Al Ruwaili Copyright © 2009, Fahad F. AlRuwaili. This work may be copied under conditions set forth in the Creative Commons Attribution-NonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/us/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA. http://creativecommons.org/licenses/by-nc-nd/3.0/us/ Oct 12 th, 2010

2 About the Paper  Authors: D'Aubeterre F* D'Aubeterre F Singh R* Singh R Iyer L* Iyer L *Information Systems and Operations Management – Bryan School of Business and Economics – The University of North Carolina a Greensboro  Published: Oct 2008  ISSN: 0960-085X  Citation: Zero – according to ISI web of knowledge ℠  Source: European Journal of Information Systems (2008) 17, 528–542.doi:10.1057/ejis.2008.42 2

3 Distinct Points  Sharing information and knowledge resources is surrounded with risks  loss of valuable asset  Security requirements have been always an afterthought in system development phases  No conceptualization of secure business process  no integration of security requirements in the design of BP 3

4 The Goal A DR model based on defined set of security constraints in order to develop secure exchange of information resources that is in- sync to business processes Ultimately: increase the security awareness Role Based Access Control (RBAC)*  next slide *NIST Standard 2004 4

5 Design Phase “the best approach to development of security analysis and design methodology, would essentially be to nest it as a component part of an existing, established, successful overall information systems analysis and design methodology” Baskerville (1988)* * BASKERVILLE R (1988) Designing Information Systems Security. John Wiley & Sons, New York. 5

6 RBAC & SARC  Secure Activity Resource Coordination (SARC)  Role-Based Access Control (RBAC) RBAC Activity resource coordination SARC 6

7 Secure BP  Modeling concepts for SARC secure business processes via defined rules 7

8 Hypotheses 8 H1: A business process model developed using SARC artifacts is informationally equivalent to a business process model developed using Enriched-Use Case and standard UML Activity Diagrams. H2: A business process model developed using SARC artifacts creates a higher level of security awareness than a business process model developed using Enriched-Use Cases and standard UML-Activity Diagrams. H3: A business process model developed using SARC artifacts creates a higher level of security awareness than a business process model developed using Enriched-Use Cases and standard UML-Activity Diagrams for users with experience in business process analysis.

9 Design Cycle - Evaluation  Extension of Security Awareness Situational Awareness(SA) 3 levels of SA (Endsley)* ○ Ability to perceive the statue ○ Ability to comprehend the current statue ○ Ability to predict the future 9 *ENDSLEY MR (1995) Toward a theory of situational awareness in dynamic systems. Human Factors 37(1), 32–64.

10 Critique DSR guidelines Guideline 1: Design as an artifact The authors provide a conceptual model which represents the artifact Guideline 2: Problem relevance The DSR is relevant because ○ The proposed the methodology is technology- based and supports securing BP 10

11 Critique DSR guidelines √ Guideline 3: Design evaluation Analysis based on empirical design in evaluating √ Guideline 4: Research contributions Model of concepts to increase the level of awareness in securing BP √ Guideline 5: Research rigor Construction and evaluation methods are performed (requirements, modeling, analysis, experiments) 11

12 Critique DSR guidelines  Guideline 6: Design as a search process They could cover more concepts in securing BP Not sure if it is effective, even though applied to a real-world BP √ Guideline 7: Communication of research Anonymous reviewers Participants’ comments from: ○ DESRIST 2007 ○ ICIS 12

13 General Thoughts  They could incorporate security experts/specialists in order to assist  They missed important aspect in RBAC (‘Least Privilege’ or ‘Need to Know’)  Lack of security awareness evaluation metrics/table  Confidentiality Recommendation: (RBAC + Crypto Systems into SARC) 13

14 14

Download ppt "Reviewed by Fahad Al Ruwaili Copyright © 2009, Fahad F. AlRuwaili. This work may be copied under conditions set forth in the Creative Commons Attribution-NonCommercial."

Similar presentations

Scientific Communication Life-cycle model

Scientific Communication Life-cycle model
Full life cycle support for security concerns minutes topics Wouter Joosen.

Full life cycle support for security concerns minutes topics Wouter Joosen.
Richard Jones DSpace for E-Theses th September 2004 DSpace for E-Theses Introducing the results of the Theses Alive! Project.

Richard Jones DSpace for E-Theses th September 2004 DSpace for E-Theses Introducing the results of the Theses Alive! Project.
Work-based learning Click on the speaker on each slide to learn more!

Work-based learning Click on the speaker on each slide to learn more!
Information Security Level 2 – Sensitive© 2009 – Proprietary and Confidential Information of Amdocs Recommend Friends Program.

Information Security Level 2 – Sensitive© 2009 – Proprietary and Confidential Information of Amdocs Recommend Friends Program.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Outline 1) Objectives 2) Model representation 3) Assumptions 4) Data type requirement 5) Steps for solving problem 6) A hypothetical example Path Analysis.

Outline 1) Objectives 2) Model representation 3) Assumptions 4) Data type requirement 5) Steps for solving problem 6) A hypothetical example Path Analysis.
© Copyright CSAB 2013 Future Directions for the Computing Accreditation Criteria Report from CAC and CSAB Joint Criteria Committee Gayle Yaverbaum Barbara.

© Copyright CSAB 2013 Future Directions for the Computing Accreditation Criteria Report from CAC and CSAB Joint Criteria Committee Gayle Yaverbaum Barbara.
Copyright © 2007 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 12- 1.

Copyright © 2007 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide
Moving from Conference Paper to Journal Article: Strategies for Success as an Author & Developing a Reputation as a Good Reviewer John Humphreys, Eastern.

Moving from Conference Paper to Journal Article: Strategies for Success as an Author & Developing a Reputation as a Good Reviewer John Humphreys, Eastern.
Introduction to Research

Introduction to Research
PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.

PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.
ABET 1 SAYS - Your Senior Design Course Should Include Engineering design is the process of devising a system, component, or process to meet desired needs.

ABET 1 SAYS - Your Senior Design Course Should Include Engineering design is the process of devising a system, component, or process to meet desired needs.
PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.

PowerPoint Presentation for Dennis, Wixom & Tegarden Systems Analysis and Design Copyright 2001 © John Wiley & Sons, Inc. All rights reserved. Slide 1.
Company LOGO B2C E-commerce Web Site Quality: an Empirical Examination (Cao, et al) Article overview presented by: Karen Bray Emilie Martin Trung (John)

Company LOGO B2C E-commerce Web Site Quality: an Empirical Examination (Cao, et al) Article overview presented by: Karen Bray Emilie Martin Trung (John)
Introduction to System Analysis and Design - Dr. Mahmoud Abu-Arra - Dr. Mahmoud Abu-Arra - Mr. Ahmad Al-Ghoul System Analysis and Design.

Introduction to System Analysis and Design - Dr. Mahmoud Abu-Arra - Dr. Mahmoud Abu-Arra - Mr. Ahmad Al-Ghoul System Analysis and Design.
1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.

1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.
CSR Project, 3 cr. Corporate Responsibility, C-module (15 cr.) or free-choise studies Introduction to Corporate responsibility, 1,5-3 cr. (depending on.

CSR Project, 3 cr. Corporate Responsibility, C-module (15 cr.) or free-choise studies Introduction to Corporate responsibility, 1,5-3 cr. (depending on.
© 2009 Michigan State University licensed under CC-BY-SA, original at Corrective Action.

© 2009 Michigan State University licensed under CC-BY-SA, original at Corrective Action.
1 Copyright 8 2002 Flying Kiwi Productions Inc. An Introduction to Object-Oriented Analysis Objects and UML in plain English. Chapter.

1 Copyright Flying Kiwi Productions Inc. An Introduction to Object-Oriented Analysis Objects and UML in plain English. Chapter.

Similar presentations

Ads by Google