Holistic security management framework applied in electronic commerce

With the advance of electronic commerce, more and more companies have become dependent on their information systems for their daily business operations. This dependency requires the security of these systems to be managed. This paper presents a holistic security management framework intended to make security management easy and affordable. The process framework is described by hierarchically organized processes that allow for business-, technology- and socially-driven security management. It presents the activities involved in the five core and two support processes, which are conducted iteratively. To support the framework, three cases of successful application and an informal evaluation against SSE-CMM are presented.
