Abstract
Although considerable effort is made to secure organisational infrastructures and to protect organisational assets, it is widely acknowledged that it is equally important for organisations to define appropriate ways to harden their overall resilience, including recovery from security incidents. In this exploratory paper we outline research challenges and present the motivation and the foundations of a novel framework based on security resilience and capability modelling theory.
Acknowledgments
This research is partially funded by the Ministry of Education and Science, Republic of Latvia, project ARTSS - Advanced Resilience Technologies for Secure Service, no. VPP-COVID-2020/1-0009.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Mouratidis, H., Zdravkovic, J., Stirna, J. (2020). Cyber Security Resilience in Business Informatics: An Exploratory Paper. In: Buchmann, R.A., Polini, A., Johansson, B., Karagiannis, D. (eds) Perspectives in Business Informatics Research. BIR 2020. Lecture Notes in Business Information Processing, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-61140-8_4
DOI: https://doi.org/10.1007/978-3-030-61140-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61139-2
Online ISBN: 978-3-030-61140-8
eBook Packages: Computer Science, Computer Science (R0)