Methodology of security engineering for industrial security management systems

The methodology of security engineering links empirical and theoretical studies with a constructive view of research on information security and its application to designing and delivering industrial information systems securely. This special issue aims to provide a variety and wealth of contributions on security engineering for industrial security management systems.

The first paper, titled "IT Compliance of Industrial Information Systems: Technology Management and Industrial Engineering Perspective", is authored by Sangkyun Kim. In this paper, a common framework for IT compliance is provided. The paper reviews the compliance age and describes the characteristics of business records communicated via industrial information systems. The IT compliance framework suggested in this paper consists of a security component, intelligence plug-ins, a records management component, an evidence management component, and a business component.

The second paper, titled "Archetypal Behavior in Computer Security", is co-authored by Shalom N. Rosenfeld, Ioana Rus, and Michel Cukier. Using a systemic approach, namely system archetypes, this paper diagnoses and provides solutions to issues encountered in organizational computer security. A model and simulation of some aspects of security, based on system dynamics principles, are developed. The paper combines two archetypes and shows the computer security relevance of such combinations. The authors describe a scenario where two archetypes can help in diagnosis and understanding, and present simulations of "what-if" scenarios that remedy these problems and improve benefits.

The third paper, titled "Managing Information Security in a Business Network of Machinery Maintenance Services Business – Enterprise Architecture as a Coordination Tool", is co-authored by Mirja Pulkkinen, Anton Naumenko, and Kari Luostarinen.
This paper provides motivation and a roadmap for implementing integrated security management solutions in a business network of partners with heterogeneous technologies. It proposes an enterprise architecture approach as a pre-requisite for transparent