Development of Security Risk Measurement Model within Misuse Cases and BPMN

Iga organisatsiooni kõige tähtsam ülesanne on oma vara kaitsta. Kuna mitte ühtegi süsteemi ei ole võimalik täielikult turvaliseks teha, seega rakendavad ettevõtted erinevaid kontrolle, et oma vara erinevate ohtude eest kaitsta. Riskianalüüs on üks oluline samm infosüsteemide (IS) turvalisuse tagamises ja tänaseks on välja töötatud erinevaid IS-de riskianalüüsi meetodeid, kuid need osutavad peamiselt üldisi suunised riskide hindamiseks. See dokument, aga käsitleb probleemi kuidas mõõta riski illustreerituna modelleerimiskeelte abist. Selleks on valitud kaks modelleerimise keelt: väärkasutamise juhtumid (Misuse Case) ja äriprotsesside modelleerimiskeel (BPMN). Praktilisest kogemustest on näha, et samad turvaaukudega seotud sündmused toimuvad perioodiliselt ning nende järel turvalisusega seotud riske ei maandata. Seda sellepärast, et ei ole näha turvaaukude korduvat kasutamist või riskide erinevaid tasemeid ja kaotused ei ole mõõdetud, mistõttu arvestatakse, et turvaaukudega kaasnevad probleemid on vähem tähtsad. Teadmata, kui palju kahju üks turvalisusega seotud sündmus teeb, ei saa juhtorgan otsustada, kas tegeleda riski maandamisega või mitte. Kui riskid oleksid mõõdetud ja nende väärtused oleksid nähtavad, oleks lihtsam teha õigeid otsuseid riskide maandamiseks. Selle töö eesmärk on aidata organisatsiooni juhtidel aru saada kui tõsised on turvalisusega seotud riskid, selleks visualiseerides meetrikaid ja tuues välja riskide kalkulatsioone. Et seda teha ka modelleerimiskeeltes, tuleb selleks visualiseerida riskidega seotud juhtumeid. Alles seejärel on võimalik mõõta turvalisusega seotud juhtumite tõsisust. Selle töö kirjutamise hetkel ei eksisteeri ühtegi mudelit mis suudaks visualiseerida mõõtmist koos juhtumi endaga. Selle töö tulemusena arendatakse mõõtmisemudel väärkasutamise juhtumite ja äriprotsesside modelleerimiskeele diagrammide piirides. Need mudelid hõlbustavad üldise riski hindamist jagades riski alam-osadeks ja mõõdavad eraldi vara väärtust, ohu potentsiaalsust ja haavatavust. Samuti annavad need teavet riskide kulukuse kohta ja toovad välja vastumeetmete rakendamise kasulikkuse. See tähendab, et riski meetrika ja tõsisus on koheselt nähtav. See aitab turvalisuse spetsialistil teha otsuseid, kas mõne konkreetse turvariski maandamiseks investeerimine on mõistlik või mitte. See peaks andma ka selge pildi ettevõtte kahjumist, kui riske kasutatakse ära ja aitab mõista, kas see on märkimisväärne kaotus või mitte. Kahe mudeli välja töötatamiseks kasutades nii teoreetilisi kui ka empiirilisi andmeid, seega turvalisusega seotud riskide mõõtmise mudelid annavad lahenduse probleemile, kuidas arvutada riske mis on võetud pärismaailmast, kasutades selleks väärkasutamise juhtumeid ja äriprotsesside modelleerimiskeelt. Lisaks uuritakse olemasolevaid hindamise meetoditeid ja standardeid koos erinevate modelleerimiskeeltega, ning töös kasutakse näiteid ühest töötavast organisatsioonist. Pärast mudelite välja töötamist need ka rakendatakse, et uurida väljapakutud meetrikate nähtavust. Valideerimise ajal võrreldakse kahte mudelit selgitamaks välja milline nendest annab parema ülevaate juurutatud meetrikatest.One of the most important tasks of any organization is to secure its assets. Since no system could be made completely secure, in order to prevent security flaws, companies apply controls to safeguard their assets from different threats. Therefore, risk analysis is an important step for the management of information systems security (ISS). Today various ISS risk analysis methods have been developed, but they mainly provide general guidelines to estimate the risk. The problem defined in the thesis is how to measure the risk illustrated with the help of a modeling languages. For that two modeling languages were chosen: misuse cases and BPMN. This is a problem, because we can see from a practical experience that the same security events are happening periodically, but the security risks are not treated. This may occur either because people do not see the repeated exploitation of vulnerabilities, the risk level and losses are not measured, considering the problems of a less importance. Without knowing exactly how much damage the security event makes, the management is not able to decide whether the risk should be fixed or not. If a risk is measured and values are visible, it is easier to do a proper decision about the risk mitigation. Our goal is to help understand the severity of the security risks by visualizing the metrics and calculations of a risk. For that in modeling languages a visualization of thread cases is needed. Then security cases need to be measured. Today there is no existing model that can visualize the measurement together with the case itself. The contribution of this thesis will be the development of measurement model within misuse case and BPMN diagrams. These models will facilitate the evaluation of an overall risk, by dividing the risk into sub-components and individually measuring the asset value, potentiality of thread, level of vulnerability. It will also give information about cost and benefit of implementation of countermeasures. This means that the metrics and the severity of a risk will be visible straight away. This will help the security specialist to make a decision whether the investment into a particular security flaw is reasonable or not. It should give a clear picture of the company's losses from exploitation of risk and will make it easier to understand whether it is a substantial loss or not. Two models will be developed using both theoretical and empirical data. Existing assessment approaches and standards together with different modeling languages will be studied. At the same moment the cases from the working organization will be taken. Two models will be developed and applied to investigate the visibility of metrics proposed. The developed security risk measurement models will give a solution how to calculate the risks taken from a real world example using misuse cases and BPMN. During validation we have tested our two models, which of them gives better visibility of the metrics introduced

Tendências do BPM

Dissertação de mestrado integrado em Engenharia e Gestão de Sistemas de InformaçãoAtualmente, as organizações encontram-se inseridas em ambientes de mercado cada vez mais competitivos, deparando-se com várias dificuldades, em que face a estas, necessitam de encontrar soluções. Por essa razão, viram o BPM como uma solução para melhorar o seu negócio. Um dos objetivos do BPM é ter a capacidade de identificar, monitorar e otimizar processos de negócio cujo resultado final é um conjunto de atividades realizadas. Com base nesta monitorização e otimização, as organizações tornam-se capazes de identificar possíveis lacunas nos seus processos e com isto melhorá-los. Com isto, verificou-se a falta de informação existente cientificamente em relação à identificação de novas tendências para o BPM. Neste sentido, com este trabalho propomos realizar uma investigação seguindo a metodologia de pesquisa em Design Science Research, em que iniciamos uma pesquisa de levantamento de tendência seguindo a abordagem proposta por Webster e Watson (2002), com base em duas conferências internacionais em BPM de ranking elevado, em que se identificou os tópicos mais abordados como também problemas e soluções desde 2013 até 2015. Posteriormente, com informação recolhida ao longo de três anos, através da criação de um framework identificamos algumas tendências para o BPM, de forma a melhorá-lo. Para garantir a credibilidade dos resultados, através da criação de um inquérito por questionário realizou-se a avaliação dos resultados obtidos.Nowadays, the market gets more and more competitive, thus companies need to learn how to manage and find the right solutions for their business when facing challenges. For that reason, they saw BPM as a great tool to expand their business. One of the features of BPM is the capacity to identify, monetize and optimize processes within the business which ultimately allow for an aggregation of performed activities. Thanks to these features, the business have been capable of identifying possible gaps in their processes and how to improve them. With this, it was verified the lack of scientific information regarding the identification of new trends for BPM. Therefore, with this work we propose to conduct an investigation that follows the searching methodology in Design Science Research, where we initiate a search of lifting trends as proposed by Webster and Watson (2002). This is based on two international conferences on BPM, in which it identified the most discussed topics and also the problems and solutions since 2013 until 2015. After this investigation, with collected information over 3 years, through the creation of framework we identify some BPM trends. To approve this results, we created a survey that was held an evaluation of the final results

Pattern Based Security Requirement Derivation with Security Risk-aware Secure Tropos

Informatsioonisüsteem (IS) toetab suurt hulka modernse ühiskonna jaoks olulisi funktsioone. IS sisaldab üha suurenevat hulka andmeid ja informatsiooni, sealhulgas per-sonaalseid pilte ja andmeid tervise või finantstehingute kohta. Üha suurenev küberrünna-kute arv on tinginud vajaduse turvaliste infosüsteemide kiiremaks loomiseks. Et arendada turvalist IS-i, tuleb tuvastada turbe-eesmärgid ning need vastavalt ellu viia. Tulemuspõhine arendus tagab turbe-eesmärkide tulemuslikkuse, pakkudes metodoloogiat, mis võimaldab turvalisuse nõuete induktsiooni läbi kogu informatsioonisüsteemi arenduse protsessi. See on saavutatav, kui võtta igat süsteemikomponenti kui eesmärgile orienteeritud osa. Olgugi, et tulemuspõhine modelleerimine on kasulikuks osutunud, on sellel ka mõningaid puudu-seid. Peamine puudus peitub detailsuses, mille tõttu see protsess võib lühikese ajaga muu-tuda komplekseks, tõstes ka kogu ülejäänut protsessi keerukusetaset. Seetõttu on oluline kasutada struktureeritud lähenemisviisi, mis võimaldab kogu protsessi jooksul samm-sammulist juhendit rakendada. Turvalisuse mustrid on korduvkasutatavadja võimaldavad lahendada tarkvaraarenduse protsessi käigus sagedasti ilmnevaid probleeme. Käesolevas magistritöös uuritakse mustripõhise turvanõuete kogumise protsessi integreerimist, tule-muspõhise IS-i arendamisel. Selle eesmärgiks on SRP’d (Security Risk-oriented Patterns) kasutades pakkuda protsessi, mis võimaldab turvanõuete induktsiooni RAST (Security Risk-aware Secure Tropos) mudelis. RAST on turvalisuse tulemuspõhise modelleerimise keel, mis on kohaldatav läbi kogu tarkvaraarenduse protsessi nii varasematele kui hilisema-tele nõudlustele, arhitektuurile, üksikasjalikule projekteerimisele kui ka lõplikule rakenda-misele. Käesoleva magistritöö panus on viie SRP avaldamine, kasutades selleks RAST mo-delleerimise keelt. Töös tuuakse välja sammud, mida väljapakutud turvalisuse mustrite ra-kendamiseks kasutada. Töö autor annab omapoolse panuse viies läbi juhtumiuuringu, mis kinnitab autori poolt pakutud mustrite üldise kasutamisest selle rakenduse protsessist. Juh-tumiuuringust selgus ka, et töös välja pakutud mustreid on võimalik kasutada süsteemi analüüsi alguspunktina, et kiirendada turvalisuse nõuete väljaselgitamisprotsessi ning seda efektiivsemaks muuta.Information systems (IS’s) support a multitude of functions vital to the modern society. IS’s carry an ever increasing volume of data and information, including personal pictures, health data or financial transactions. Continuously increasing rates of cyber-attacks have led to the subsequent need to rapidly develop secure IS. To develop secure IS’s, security goals need to be identified and fulfilled accordingly. Goal-oriented development fulfils the achievement of security goal by providing a methodology that enables security requirement elicitation throughout the entire development of an information system. This is achieved by considering every component of a system as an actor that is driven by goals that the actor strives to achieve. Nevertheless goal-oriented modeling has proven itself to be valid it maintains multiple shortcomings. The main disadvantage lays in the high granularity of the process making it complex very fast and subsequently raising the level of complexity of the overall process. Therefore a structured approach that would provide a step-by-step guide throughout the application of the process would be essential. Security patterns are proven to be reusable solutions that address recurring security problems which are commonly faced during the process of software development. In this master thesis we investigate the integration of a pattern based security requirement elicitation process in the goal-oriented IS development. By performing this integration we aim at providing a process that enables the elicitation of security requirements from Security Risk-aware Secure Tropos (RAST) models. RAST is a security goal-oriented modeling language that is applicable throughout the complete process of software development from early to late requirements, architecture, detailed design and final implementation. The contribution of this thesis are five Security Risk-aware Patterns expressed using RAST. The thesis outlines the steps to be executed to apply the proposed security patterns. We validated our contribution by performing a case study that confirmed the overall usability of our proposed patterns and the pattern application process. Additionally the case study determined that the provided patterns can be used as a starting point for a faster and more efficient in identifying security requirements