Configuration and management of security procedures with dedicated ‘spa-lang’ domain language in security engineering

The security policy should contain all the information necessary to make proper security decisions. The rules and needs for specific security measures and methods should be explained in understandable way. None of the existing security mechanisms can guarantee complete protection against threats. In extreme cases, improperly used security mechanisms can lower the level of protection, giving the impression of security that is actually lacking. To enable simple and automated definition of security procedures for IT system of a company or organization, available not only to qualified IT professionals, e.g. system administrators, but also to the company\u27s management staff, it was decided to create an Intelligent System for Automation and Analysis of Security Procedures (iSPA). The paper presents the proposal of use the developed domain language, named \u27spa-lang\u27 for configuration and management of security procedures in security system engineering based on BPMN (Business Process Model and Notation) standard