Enterprise Modeling and Information Security
Current business process modeling approaches are well suited for showing the sequence of activities. They are less appropriate for reflecting information flows. However, in the context of information security, the reflection of information flows is an essential instrument for analyzing the way how information shall be organized with respect to the activity flow and enterprise architecture. Taking into consideration that security concerns not only technical devices and access rights in databases, the enterprise models that reflect organizational structure (including roles), technical architecture, information architecture, and relationships between aforementioned models are useful to identify and use different patterns that reflect the need for caring for security. The usage of the enterprise models also helps to identify methods for establishing the requested level of security. To illustrate how enterprise models can be used in caring for information security, several security requirements patterns, represented in BPMN, will be discussed focusing on the relationship between the information flow in the pattern and the corresponding enterprise architecture elements.
Lecture at NEMO2017
Date/Time: Wednesday, July 26, 2017 at 09:00