Towards an Architecture for Collaborative Cross–Organizational Security Requirements Management

  • Conference paper
Business Information Systems (BIS 2013)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 157)

Abstract

Organizations increasingly adopt, or consider adopting, external services in the hope of higher flexibility and reduced costs. However, deficiencies in current processes and tools force service consumers to forgo the expected advantages and to trade off profitability against security. These security and compliance concerns stem predominantly from the neglect, or the purely manual resolution, of dependencies between security policies and configurations, which is caused by the distinct terminologies, languages and tools used by the service provider and the service customer. To overcome this kind of problem in collaborative cross–organizational security management, we have developed CoSeRMaS, a collaborative and semi–automated tool to manage, define and validate inter- and cross–organizational security requirements. This paper introduces the CoSeRMaS prototype and gives an overview of the features that have been developed.

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sillaber, C., Brunner, M., Breu, R. (2013). Towards an Architecture for Collaborative Cross–Organizational Security Requirements Management. In: Abramowicz, W. (eds) Business Information Systems. BIS 2013. Lecture Notes in Business Information Processing, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38366-3_17

  • DOI: https://doi.org/10.1007/978-3-642-38366-3_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38365-6

  • Online ISBN: 978-3-642-38366-3

  • eBook Packages: Computer Science (R0)