
Cyber Security Resilience in Business Informatics: An Exploratory Paper

  • Conference paper
Perspectives in Business Informatics Research (BIR 2020)

Abstract

Although considerable effort is made to secure organisational infrastructures and to protect organisational assets, it is widely acknowledged that it is equally important for organisations to define appropriate ways to harden their overall resilience, including recovery from security incidents. In this exploratory paper we outline research challenges and present the motivation and foundations of a novel framework based on security resilience and capability modelling theory.



Acknowledgments

This research is partially funded by the Ministry of Education and Science, Republic of Latvia, project ARTSS - Advanced Resilience Technologies for Secure Service, no. VPP-COVID-2020/1-0009.

Corresponding author

Correspondence to Janis Stirna.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Mouratidis, H., Zdravkovic, J., Stirna, J. (2020). Cyber Security Resilience in Business Informatics: An Exploratory Paper. In: Buchmann, R.A., Polini, A., Johansson, B., Karagiannis, D. (eds) Perspectives in Business Informatics Research. BIR 2020. Lecture Notes in Business Information Processing, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-61140-8_4

  • DOI: https://doi.org/10.1007/978-3-030-61140-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61139-2

  • Online ISBN: 978-3-030-61140-8

  • eBook Packages: Computer Science, Computer Science (R0)
