Process business modeling of emerging security threats with BPMN extension

Effective and rational management of a company cannot take place without the use of information technologies. Additionally, according to specific security requirements to protect the IT system against different threats, the development of a security system is significant for the companies and their clients and satisfactory common cooperation. The BPMN (Business Process Model and Notation) can be used for this purpose; however, the basic version of BPMN and its current extensions do not support the service of security threats. For this reason, we propose to extend the BPMN to be possible to model the chosen security issues coming from company business processes. The paper deals with the selected aspects of security requirements modeling in terms of emerging threats on the example of existing extensions of business process modeling language and the proposition of BPMN extension for chosen security issues together with the definition of information security policy

Politika kalboje ir kalba politikoje. Korektiškos kalbos gairės Europos Parlamento vidaus ir išorės komunikacijai

The article discusses the key principles invoked and issues addressed while drafting the Lithuanian language version of the Glossary of Sensitive Language for Internal and External Communication of the European Parliament. As a first step, it offers a short overview of the three categories of terminology presented in the Glossary related to disability, LGBTQ+, and race, ethnicity and religion. Thereafter it touches upon the issues pertaining its use in the light of current societal trends, correct and clear language requirements, influence of foreign languages and human rights. The article argues that sensitive language is imperative in communication with disadvantaged groups continuously marred by prejudices, fears, and stereotypes. Based on this proposition the article emphasizes the importance of political correctness as personal stance. At the same time, it exemplifies limitations thereof that could be triggered by the language system itself.Straipsnyje apžvelgiami Korektiškos kalbos gairių Europos Parlamento vidaus ir išorės komunikacijai rengimo lietuvių kalba atspirties taškai ir problemos. Vartotinos ir vengtinos sąvokos, kurios šiose gairėse klasifikuojamos į tris grupes, susijusias su negalia, LGBTQ+ bei rase, tautybe ir religija, aptariamos ne tik vartojimo tendencijų, taisyklingos kalbos reikalavimų ir kitų kalbų įtakos, bet ir žmogaus teisių kontekste. Straipsnyje laikomasi nuostatos, kad korektiška kalba yra būtinybė komunikuojant su asmenimis, priklausančiais pažeidžiamoms visuomenės grupėms, kurias iki šiol gaubia prietarai, baimės ir stereotipai. Viena vertus, akcentuojama politinio korektiškumo, kaip asmeninės laikysenos, svarba. Kita vertus, remiantis konkrečiais pavyzdžiais brėžiamos jo ribos, kurias neretai lemia ne kas kitas, kaip pati kalbos sistema

Arguing security: validating security requirements using structured argumentation

This paper proposes using both formal and structured informal arguments to show that an eventual realized system can satisfy its security requirements. These arguments, called 'satisfaction arguments', consist of two parts: a formal argument based upon claims about domain properties, and a set of informal arguments that justify the claims. Building on our earlier work on trust assumptions and security requirements, we show how using satisfaction arguments assists in clarifying how a system satisfies its security requirements, in the process identifying those properties of domains that are critical to the requirements

Incremental verification and synthesis of discrete-event systems guided by counter-examples

This article presents new approaches to system verification and synthesis based on subsystem verification and the novel combined use of counterexamples and heuristics to identify suitable subsystems incrementally. The scope of safety properties considered is limited to behavioral inclusion and controllability. The verification examples considered provide a comparison of the approaches presented with straightforward state exploration and an understanding of their applicability in an industrial context

Theory of Regulatory Compliance for Requirements Engineering

Regulatory compliance is increasingly being addressed in the practice of requirements engineering as a main stream concern. This paper points out a gap in the theoretical foundations of regulatory compliance, and presents a theory that states (i) what it means for requirements to be compliant, (ii) the compliance problem, i.e., the problem that the engineer should resolve in order to verify whether requirements are compliant, and (iii) testable hypotheses (predictions) about how compliance of requirements is verified. The theory is instantiated by presenting a requirements engineering framework that implements its principles, and is exemplified on a real-world case study.Comment: 16 page