An Extension of Business Process Model and Notation for Security Risk Management

Kaasaegsed infosüsteemide arendamise metoodikad hõlmavad erinevaid tehnilisi äriprotsesside modelleerimise meetmeid. Äriprotsesside modelleerimiseks kasutatav keel (BPMN) on tänapäeval muutunud üheks standartseks meetmeks, mis edukalt rakendatakse infosüsteemide loomisel ning edasi arendamisel selleks, et ettevõtete äriprotsesse kirjeldada ja modelleerida.Vaatamata sellele, et BPMN on hea töörist, mille abil on võimalik ettevõtte äriprotsesse mõistma ja esitama, see ei võimalda äriprotsesside modelleerimisel adresseerida süsteemi turvalisuse aspekte. Autor leiab, et see on BPMN nõrk külg, selle pärast, et turvalise infosüsteemi arendamiseks on oluline nii äriprotsesse kui ka süsteemi turvalisust vaadeldada tervikuna. Käesolevas magistritöös autor töötab välja BPMN 2.0 keele jaoks uusi elemente, mis edaspidi peavad võimaldama adresseerima turvalisuse temaatika süsteemi modelleerimisel. Autori pakutud lahendus põhineb BPMN modelleerimiskeele seostamisel turvalisuse riski juhendamise metoodikaga (ISSRM). Antud magistritöös rakendatakse struktureeritud lähenemine BPMN peamiste aspektide analüüsimisel ja turvalisuse riskide juhtimiseks uute elementide väljatöötamisel, selleks ühildades BPMN ning ISSRM-i kontsepte. Magistritöös on demonstreeritud väljatöötatud lisaelementide kasutus, selgitatud kuidas antud elementidega laiendatud BPMN võimaldab väljendada ettevõtte varasid (assets), nendega seotuid riske (risks) ja riskide käsitlust (risk treatment). See on analüüsitud internetkaupluse varade konfidentsiaalsuse, terviklikkuse ja kättesaadavuse näitel. Autor on veendunud, et BPMN laienemine turvalisuse kontseptide osas ja antud töö raames tehtud konkreetsed ettepanekud aitavad infosüsteemide analüütikutele mõistma kuidas süsteemi turvalisust arendada nii, et läbi äriprotsessi tuvastatud olulisemate ettevõtte varade turvalisus oleks infosüsteemis käsitletud ning tagatud. Autori poolt antud käsitlus on vaadeldud ka laiemas mõttes, nimelt, BPMN keelele pakutud laienemisega avaneb perspektiiv äriprotsesside ja turvalisuse mudeleite koosvõimele ning BPMN-i teiste modelleerimise metoodikatega, nagu ISSRM või Secure Tropos, integreerimisele.Modern Information System (IS) development supports different techniques for business process modelling. Recently Business Process Model and Notation (BPMN) has become a standard that allows modelers to visualize organizational business processes. However, despite the fact that BPMN is a good approach to introduce and understand business processes, there is no opportunity to address security concerns while analysing the business needs. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In current thesis we introduce the extensions for BPMN 2.0 regarding security aspects. The following proposal is based on alignment of the modelling notation with IS security risk management (ISSRM).We apply a structured approach to understand major aspects of BPMN and propose extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We demonstrate the use of extensions, illustrating how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store assets’ confidentiality, integrity and availability. We believe that our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. We also attempt to observe the following approach in the broader sense and we open a possibility for the business and security model interoperability and the model transformation between BPMN and another modelling approach also aligned to ISSRM, Secure Tropos

Using regression tools to assess hazard identification in the U.S. army risk management process

This research considers whether a person‟s demographic and experiential attributes play a significant role in how they perceive the presence or absence of hazards in a given situation. The goal of the research is to show that participants with enlisted military experience, prior to being commissioned as a junior officer, would be more successful at identifying the hazards presented in military scenarios than those who had only been trained on the process via their pre-commissioning and initial entry courses of instruction. The research study involves the use of two surveys with realistic military scenarios including both Foot March and Maintenance scenarios. The data collected from the surveys was analyzed using data mining techniques, in particular Nearest Neighbor (NN) algorithm and Logistic Regression Model (LRM). NN determines how similar a participant‟s case is to an expert case and LRM analyzes the outputs in a way that allows us to see if any of the seven experiential and demographic attributes considered had a significant impact on a participant‟s ability to perform well on the assessment. While the results did not conclusively prove that experience or other demographic attributes had a statistically significant impact on a participant‟s overall performance, the results did suggest that the idea that those same attributes do not have an impact cannot be rejected. This research could provide useful feedback to the U.S. Army on the way they train and educate junior officers on their Risk Management process

A pattern-based development of secure business processes

Iga andmeturbest huvitatud äriettevõte valib iseendale sobilikud turvameetmed, et vältida ootamatuid sündmusi ja õnnetusi. Nende turvameetmete esmane ülesanne on kaitsta selle äriettevõtte ressursse ja varasid. Äriettevõtetes aset leidvad õnnetused (vähemtähtsad või katastroofilised) on enamikel juhtudel oma olemuselt sarnased ning põhjustatud sarnaste turvariskide poolt. Paljudel andmeturbe spetsialistidel on raskusi leidmaks õiget lahendust konkreetsetele probleemidele, kuna eelmiste samalaadsete probleemide lahendused ei ole korrektselt dokumenteeritud. Selles kontekstis on turvalisuse mustrid (Security Patterns) kasulikud, kuna nad esitavad tõestatud lahendusi spetsiifiliste probleemide jaoks. Käesolevas väitekirjas arendasime välja kümme turvariskidele suunatud mustrit (SRP ehk Security Risk-oriented Patterns) ja defineerisime, kuidas kasutada neid mustreid vastumeetmetena turvariskidele äriprotsesside mudelite sees. Oma olemuselt on need mustrid sõltumatud modelleerimiskeelest. Lihtsustamaks nende rakendamist, on mudelid esitatud graafilises vormingus äriprotsesside modelleerimise keeles (BPMN). Me demonstreerime turvariskidele suunatud mustrite (SRP) kasutatavust kahe tööstusettevõtte ärimudeli näite põhjal. Esitame mustrite rakendamise kohta kvantitatiivsed analüüsid ja näitame, kuidas turvariskidele suunatud mustrid (SRP) aitavad demonstreerida andmeturbe nõrku kohti ärimudelites ning pakume välja lahendusi andmeturvalisusega seotud probleemidele. Selle uurimistöö tulemused võivad julgustada andmeturvalisusega tegelevaid analüütikuid jälgima mustritel-põhinevaid lähenemisi oma äriettevõtete kaitsmiseks, et aidata seeläbi kaasa ka infosüsteemide (Information Systems (IS)) kaitsmisele.Every security concerned enterprise selects its own security measures in order to avoid unexpected events and accidents. The main objective of these security measures is to protect the enterprise’s own resources and assets from damage. Most of the time, the accidents or disasters take place in enterprise are similar in nature, and are caused by similar kind of vulnerabilities. However, many security analysts find it difficult to select the right security measure for a particular problem because the previous proven solutions are not properly documented. In this context Security Patterns could be helpful since they present the proven solutions that potentially could be reused in the similar situations. In this thesis, we develop a set of ten Security Risk-oriented Patterns (SRP) and define the way how they could be used to define security countermeasures within the business process models. In principle, patterns are modelling language-independent. Moreover, to ease their application, we represent them in a graphical form using the Business Process Modelling Notation (BPMN) modelling approach. We demonstrate the usability of the Security Risk-oriented Patterns (SRP) by applying them on two industrial business models. We present the quantitative analysis of their application. We show that Security Risk-oriented Patterns (SRP) help to determine security risks in business models and suggest rationale for security solutions. The results of this research could potentially encourage the security analysts to follow pattern-based approach to develop secure business processes, thus, contributing to secure Information Systems (IS)

Interplay of Misuse Case and Fault Tree Analysis for Security and Safety Analysis

Ohutus ja turvalisus infosüsteemides muutuvad aasta-aastalt üha olulisemaks. Seda seetõttu, et kaasaegsed infosüsteemid on üha enam levinud veebiteenustes, -võrgustikes ja –pilvedes. Ohutuse seisukohalt olulisi süsteeme, mida ei ole varem Internetis kasutatud, tehakse ümber, et muuta neid kasuatatvaks Internetis. Selle tulemusena on tekkinud vajadus leida uusi meetodeid, mis kindlustaks nii ohutuse kui turvalisuse tarkvarasüsteemides. Kui ohutust ja turvalisust ei käsitleta koos, võivad nad riske suurendada – olukorra ohutuks muutmine võib tekitada riski turvalisuses ning sellest tekib probleem. Näiteks lukustatud uksed ühiselamutes turvalisuse huvides, kaitsmaks sealseid elanikke röövide ning muude võimalike kuritegude eest. Uste avamiseks kasutavad ühiselamu elanikud kaarte, mis uksed avavad. Tulekahju korral aga avanevad uksed ohutuse eesmärgil automaatselt ning kurjategijad, lülitades sisse tuletõrjealarmi, pääsevad ühiselamu elanike vara juurde.Antud uurimistöös antakse ülevaade ohutusest ja turvalisusest kui ühtsest süsteemist, määratledes ohutuse ja turvalisuse mõisted ning otsides võimalikke viise nende integreerimiseks, arendades koosmõju ohutuse ja turvalisuse vahel kasutades misuse case´i ja fault tree analysis´i. Töös selgitatakse fault tree analysis´i sobivust ohutuse domeeni mudelisse ja püütakse leida koosmõju fault tree analysis´i ja misuse case´i tehnikate vahel. Kasutades nii ohutuse kui turvalisuse domeenimudeleid ning tekitades koosmõju tehnikate vahel, on oodatud tulemuseks ohutuse ja turvalisuse probleemi lahendamine tarkvarasüsteemides. Usutavasti aitab antud uurimistöö kaasa ohutuse ja turvalisuse integreerimisvõimaluste leidmisele selgitades fault tree analysis sobivust ohutuse domeenimudelisse, kasutades misuse case´i ja information security risk management´i seost ja kooskõlastades seda misuse case´i tehnikaga Samuti selgitatakse töös uut metoodikat, kuidas kasutada fault tree analysis-d ja misuse case´i selleks, et saavutada nii ohutus kui turvalisus kaasaegsetes infosüsteemides. Lisaks sellele testiti töös selgitatud sobivust usaldusväärse stsenaariumi korral, mis kinnitab sobivuse paikapidavust.Nowadays safety and security are becoming more and more important because of the fact that modern information systems are increasingly distributed over web-services, grids and clouds. Safety critical systems that were not utilizing usage over Internet are being re-engineered in order to be use over Internet. As a consequence of this situation there is need of new methods that cover both security and safety aspects of software systems, since these systems are used in transportation, health and process control systems that arises risk of physical injury or environmental damage. Additionally when safety and security aspects are not considered together they may violate each other while one situation is making a case safe it may violate security and this is a problem. Such as in the sample of lock doors at dormitories for security purpose to protect inhabitants against robbery and some other possible crimes, those inhabitants of dormitories use distance keys to unlock them but in case of a fire situation in the building for safety purposes these lock doors are unlocking themselves and by activating fire alarms attackers can get access to inhabitants properties. In current thesis we introduce integrated domain models of security and safety, extracting definitions from safety and security domains and finding possible pairs to integrate. Developing interplays between security and safety technique that is misuse cases and fault tree analysis. We demonstrate alignment of fault tree analysis to safety domain model and making interplay between techniques from fault tree analysis to misuse cases. By using the domain models of both security and safety and making interplay between techniques we proposed an integrated technique we expect to solve the problem to cover both safety aspects of software system benefiting from complementary strengths of security domain model and techniques. We believe that our study is contributing to the integration attempts of security and safety techniques by illustrating alignment of fault tree analysis with safety domain model benefitting from misuse cases and information security risk management relationship and making interplay with misuse case technique. And also we illustrate a new methodology on how to use fault tree analysis and misuse cases in order to elicit safety concerns in a new information system by having interplay with misuse case. Moreover, we test correctness of our methodology by making results comparison of a safety risk analyze done

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies

Security Risk Management for the IoT systems

Alates 2012. aastast on ülemaailmne infastruktuuri üksuste arv (The Internet of Things) jõudsalt kasvanud üle kahe korra. Koos selle numbriga on ka kasvanud ka võimalikud riskid ning ohud, mis mõjutavad süsteemi turvalisust. Tulemuseks on suur hulk isiklikke andmeid kas varastatud või kahjustatud. Vastavalt allikatele "Third Quarter, 2016 State of the Internet / Security Report" ja "Akamai Intelligent Platform", on DdoS Q3 rünnakute arv suurenenud 2016 aastal 71% võrreldes aastaga 2015. Kõige suurem DdoS fikseeritud rünnakutest oli 623 Gbps rünnak. Kõik need faktid tõestavad, et Iot süsteemis on veel siiamaani probleeme isikuandmete turvalisusega. Isklikud andmed on ohtude suhtes haavatavad. Käesolev töö ühendab Iot raamastikus turvalisuse riskijuhtimine teadmised olemasoleva praktikaga. Raamastiku eesmärgiks on tugevdada Iot süsteemi nõrku osi ning kaitsta isiklikke andmeid. Pakume välja esialgse igakülgse võrdlusmudeli juhtkontrolli turvariskideks IoT süsteemides hallatavate ja kontrollitavate info- ja andmevarade jaoks. Infosüsteemide turvalisuse riskijuhtimise valdkonna domeeni mudeli põhjal uurime, kuidas avatud veebirakenduse turvalisuse projektis määratletud turvaauke ja nende vastumeetmeid võiks vaadelda IoT kontekstis. Selleks, et illustreerida etalonmudeli rakendamist, katsetatakse raamistikku IoT-süsteemil. Sellesse süsteemi kuuluvad Raspberry Pi 3, sensorid ning kaugandmete ladustamine.Since 2012 the number of units in global infrastructure for the information society (The Internet of Things) has grown twice. With this number also has grown the number of possible threats and risks, which influence security on all levels of the system. As a result, a huge amount of users' data was stolen or damaged. According to Third Quarter, 2016 State of the Internet / Security Report based on data gathered from the Akamai Intelligent Platform the total number of DDoS attacks in Q3 2016 increased in 71\\% compared to Q3 2015. With 623 Gbps data transfer attack it was largest DDoS ever and this fact will only increase the number of future attack events. All these facts reveal a problem that a lot of IoT systems are still unsecured and users' data or personal information stay vulnerable to threats. The thesis combines knowledge of Security Risk Management with existing practice in securing in IoT into a framework, which aim is to cover vulnerabilities in IoT systems in order to protect users' data. We propose an initial comprehensive reference model to management security risks to the information and data assets managed and controlled in the IoT systems. Based on the domain model for the information systems security risk management, we explore how the vulnerabilities and their countermeasures defined in the open Web application security project could be considered in the IoT context. To illustrate the applicability of the reference model we test the framework on self-developed IoT system represented by Raspberry Pi 3 interconnected with sensors and remote data storage

Alignment of Misuse Cases to ISSRM

Digitaalse ja sotsiaalse elu vaheline piirjoon on hägunemas ning informatsiooni süsteemide turvalisuse ja informatsiooni per se turvalisus tekitab muret. Samuti pälvib tähelepanu süsteemide turvalisuse arendamine ja säilitamine. Olemasolevad uurimused viitavad mitmetele juhtumitele, kus turvalisuse aspekti võeti arvesse ainult süsteemi väljatöötamise protsessi lõpus, jättes välja süstemaatilise turvalisuse analüüsi süsteemi ja tarkvara nõuete ja kavandamise etappidel. Misuse case diagrams on üks võimalikke viise seostada turvalisuse analüüsi ja süsteemi funktusionaalsete nõuete definitsiooni. Nende peamine eesmärk on negatiivsete stsenaariumite modeleerimine, seoses defineeritud süsteemi funktsionaalsete nõuete esilekutsumise ja analüüsiga. Hoolimata sellest eelisest on väärkasutatud juhtumid üsna ebatäpsed; nad ei täida riskianalüüsi organiseerimise strateegiaid, ja seega võivad viia valetõlgendamiseni turvalisusega seotud konseptsioonides. Sellised limitatsioonid võivad potentsiaalselt viia puudulike lahendusteni turvalisuse alal. Sageli tuleb organisatsioonidel leida enda turvalisuse lahendused, et kaitsta oma ressursse ja varasid. Käesolevas töös rakendame süstemaatilist lähenemist, et mõista kuidas Misuse case diagrams aitavad organiseerida ettevõtete varasid, potentsiaalseid süsteemiriske ja turvalisuse nõudeid, et leevendada riske. Täpsemalt ühtlustame Misuse case konstruktsiooni domeeni mudeli kontseptiga, informatsiooni süsteemi turvalisusriski haldamiseks (Information Systems Security Risk Management; ISSRM). Lisaks, põhinedes ISSRM ja keelelisele ühtlustamisele, uurime ja arendame reeglid, et tõlkida Misuse cas diagrams Secure Tropos mudelile. Käesoleva uurimuse panusel on mitmeid eeliseid. Esmalt aitab potentsiaalselt mõista, kuidas Misuse case turvalisuse riski haldamisega tegeleb. Teiseks määratleb meetodi, mis toetab turvalisuse nõuete põhjendamist arendatud süsteemi kehtestamisel ja rakendamisel. Viimaseks, Secure Troposi transformeerumine aitab potentsiaalselt arendajatel (ja teistel süsteemi vahendajatel) mõista miks turvalisuse lahendused on olulised ning millised on erinevate huvigruppide kompromissid. Plaanime kinnitada saadud tulemused, kus mudeli kvaliteet seoses selle arusaadavusega on mõõdetud Misuse case diagram jaoks. Usume, et selline Misuse case seadistamine koos ISSRM ja Misuse case diagram transformeerumine eesmärgile orienteeritud modelleerumisele, on kasulik süsteemi ja tarkvara arendajatele. Esmalt aitab mõista turvalisusega seotud probleeme varajastes arendamise staadiumites. Teiseks aitab vaadata probleemi erinevatest vaatenurkadest, mõistes erinevaid turvalisuse arendamise perspektiive.As a line between digital and social life is diminishing, security concerns of information systems and information per se, also developing and maintaining system security are gaining a rising attention. Nevertheless, the existing practices report on numerous cases when security aspects were considered only at the end of the system development process, thus, missing the systematic security analysis during system and software requirements and design stages. Misuse case diagrams are one of the possible ways to relate security analysis and system functional requirements definition. Their main goal is to model negative scenarios with respect to the defined system functional requirement elicitation and analysis. Despite this fundamental advantage, misuse cases tend to be rather imprecise; they do not comply with security risk management strategies, and, thus, could lead to misinterpretation of the security-related concepts. Such limitations could potentially result in poor security solutions. Quite often, the organizations have to adopt their own security solutions to safeguard their resources and assets. In this thesis we will apply a systematic approach to understand how misuse case diagrams could help model organisational assets, potential system risks, and security requirements to mitigate these risks. More specifically we will align misuse case constructs with the concepts of the domain model for the information systems security risk management (ISSRM). In addition, based on such an ISSRM and language alignment we will investigate and develop rules to translate misuse case diagrams to the Secure Tropos model. The contribution of this research has several benefits. Firstly, it will potentially help understand how misuse case could deal with security risk management. Secondly, it will define method to support reasoning for the security requirements introduction and implementation in the developed system. Finally the transformation to the Secure Tropos would potentially help developers (and other system stakeholders) to understand why security solutions are important and what different stakeholder trade-offs are. We plan to validate our results where the quality model regarding its comprehensibility will be measured for the misuse case diagrams. We believe that such alignment of the misuse cases with ISSRM and misuse case diagram transformation to the goal-oriented modelling language will be beneficial to system and software developers. Firstly, it will allow understanding security concerns at the earlier stages of development. Secondly it will help to view security problems from different angles, understanding different security development perspectives

Security Ontology for Adaptive Mapping of Security Standards

Adoption of security standards has the capability of improving the security level in an organization as well as to provide additional benefits and possibilities to the organization. However mapping of used standards has to be done when more than one security standard is employed in order to prevent redundant activities, not optimal resource management and unnecessary outlays. Employment of security ontology to map different standards can reduce the mapping complexity however the choice of security ontology is of high importance and there are no analyses on security ontology suitability for adaptive standards mapping. In this paper we analyze existing security ontologies by comparing their general properties, OntoMetric factors and ability to cover different security standards. As none of the analysed security ontologies were able to cover more than 1/3 of security standards, we proposed a new security ontology, which increased coverage of security standards compared to the existing ontologies and has a better branching and depth properties for ontology visualization purposes. During this research we mapped 4 security standards (ISO 27001, PCI DSS, ISSA 5173 and NISTIR 7621) to the new security ontology, therefore this ontology and mapping data can be used for adaptive mapping of any set of these security standards to optimize usage of multiple securitystandards in an organization

Networked world: Risks and opportunities in the Internet of Things

The Internet of Things (IoT) – devices that are connected to the Internet and collect and use data to operate – is about to transform society. Everything from smart fridges and lightbulbs to remote sensors and cities will collect data that can be analysed and used to provide a wealth of bespoke products and services. The impacts will be huge - by 2020, some 25 billion devices will be connected to the Internet with some studies estimating this number will rise to 125 billion in 2030. These will include many things that have never been connected to the Internet before. Like all new technologies, IoT offers substantial new opportunities which must be considered in parallel with the new risks that come with it. To make sense of this new world, Lloyd’s worked with University College London’s (UCL) Department of Science, Technology, Engineering and Public Policy (STEaPP) and the PETRAS IoT Research Hub to publish this report. ‘Networked world’ analyses IoT’s opportunities, risks and regulatory landscape. It aims to help insurers understand potential exposures across marine, smart homes, water infrastructure and agriculture while highlighting the implications for insurance operations and product development. The report also helps risk managers assess how this technology could impact their businesses and consider how they can mitigate associated risks