Management of Security Risks in the Enterprise Architecture using ArchiMate and Mal-activities

Turvalisuse tase on ettevõtte üks peamisi elemente, mida tuleb organisatsioonis kontrollida. Kui ettevõtte äri arengut modelleeritakse on eesmärgiks katkematu ettevõtlus, aga tihti ei võeta sellega arvesse turvanõudeid. Selliselt on aga infosüsteemi kõrget turvalisuse taset väga raske säilitada. Selles dokumendis käsitletakse lähenemisviisi, mis parandab julgeoleku vastumeetmeid, et selleläbi aidata ettevõtte arhitektuuri turvalisemaks muuta. Ettevõtte arhitektuurimudeli ja turvariski juhtimise vaheliste soeste leidmine toimub läbi Infosüsteemi turvariskide juhtimise domeeni mudeli (ISSRM). Ettevõtte arhitektuuri modelleerimiseks on kasutatud ArchiMate modelleerimiskeelt. Paljudest riskide kirjeldamise keeltest on sobilikum mal-activity (pahatahtlikute tegevuste) diagrammid, sest see aitab julgeoleku riskide juhtimist kõige paremini visualiseerida. Struktureeritud joondus aitab ülalnimetatud keelte vahelisi seoseid näidata ning annab informatsiooni kõige haavatavamate punktide kohta süsteemis. Turvalisuse taseme säilitamine aitab ettevõttel äritegevust viia sõltumatuks infosüsteemist. Selle dokumendi tulemuseks on ArchiMate ja Mal-activity diagrammide vahelised seostetabelid ja reeglid. Nende kahe keele vaheliseks seoseks on ISSRM. Kirjeldatud lähenemise valideerimine on läbi viidud ühe näite põhjal, mis on võetud CoCoME juhtumiuuringust. Näite põhjal on loodud mitmeid illustreerivaid pilte valideerimise kohta. Kõige viimasena on kirjeldatud meetodiga saadud tulemust võrreldud Grandy et.al. (2013) poolt arendatud lähenemisega. Võtmesõnad: Infosüsteem, Infosüsteemi turvariskide juhtimine, ettevõtte arhitektuur, ettevõtte arhitektuuri mudel, julgeoleku vastumeetmed, turvariskide juhtimine, riskidele orjenteeritud modelleerimiskeeled, ArchiMate, mal-activity diagrammid.Security level of the enterprise is one of the main elements that should be taken under control in the organization. It is difficult to maintain high security level of Information System. Since development of enterprise architecture is targeted on continues business flow modeling, it sometimes does not take into account security requirements. The paper provides an approach to improve security countermeasures to contribute with secure Enterprise Architecture. Filling the gap between Enterprise Architecture model and Security Risk Management is done through Information System Security Risk Management domain model (ISSRM). To build the Enterprise Architecture model, ArchiMate modelling language is being used. Among different risk-oriented languages, selection was done in favor of Mal-activity diagrams, which help to provide visual concept of Security Risk Management. Structured alignment can show the mapping between aforementioned terms and provide the information about most vulnerable points of the system. The maintenance of security level will help to make business flow independent from the state of Information System. The outcome of this paper is an alignment tables and rules between ArchiMate and Mal-activity diagrams. The mapping link between these two languages is ISSRM. Validation of our approach is done on the example, which is taken from CoCoME case study. It is shown on number of illustrative pictures. After getting the results, there is a comparison of the output between presented method and approach developed by Grandry et.al. (2013). Keywords: Information System, Information System Security Risk Management, Enterprise Architecture, Enterprise Architecture model, security countermeasures, Security Risk Management, risk-oriented modelling languages, ArchiMate, Mal-activity diagrams

Modeling Security Risks at the System Design Stage Alignment of Mal Activity Diagrams and SecureUML to the ISSRM Domain Model

Turvatehnika disain on üks olulisi süsteemiarenduse komponente. Ta peaks läbima tervet süsteemiarendusprotsessi. Kahjuks pööratakse talle paljudel juhtudel tähelepanu ainult süsteemi arendamise ja haldamise ajal. Paljud turvalise modelleerimise keeled (näiteks Misuse Case, Secure Tropos) aitavad turvariskejuba nõuete analüüsi etapil hallata. Käesolevas magistritöös vaatleme modelleerimisvahendeid (pahateoskeemid ja SecureUML), mida kasutatakse süsteemi disainil. Täpsemalt, me uurime, kuivõrd need vahendid toetavad infosüsteemide turvariskide haldust (Information Systems Security Risks Management, ISSRM). Töö tulemuseks on tabel, mis seab pahateoskeemid ning SecureUML-keele konstruktsioonid ISSRM domeeni mõistetega omavahel vastavusse. Me põhjendame oma analüüsi ning valideerime saadud tulemusi mitmel illustratiivsel näitel. Me loodame, et saadud tulemused aitavad arendajatel paremini aru saada, kuidas turvariske süsteemi disainietapil arvesse võtta. Peale selle, nende keelte analüüs ühisel kontseptuaalsel taustal annab tulevikus võimaluse neid keeli korraga kasutada ning loodud mudeleid ühest keelest teise teisendada.Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process; however in many cases it is often dealt only during system development and maintenance. There are several security modeling languages (e.g, Misuse case, Secure Tropos) that help dealing with security risk management at the requirements stage. In this thesis, we are focusing on the modeling languages (e.g. Mal activity diagrams and SecureUML) that are used to design the system. More specifically we investigate how these languages support information systems security risks management (ISSRM). The outcome of this work is an alignment table between the Mal activity diagrams and SecureUML language constructs to the ISSRM domain model concepts. We ground our analysis and validate the received results on the number of illustrative examples. We hope that our results will help developers to understand how they can consider security risks at the system design stage. In addition we open the way for the interoperability between different modeling languages that are analysed using the same conceptual background, thus, potentially leading to the transformation between these modeling approaches

Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standards

Companies and government organizations are increasingly compelled, if not required by law, to ensure that their information systems will comply with various federal and industry regulatory standards, such as the NIST Special Publication on Security Controls for Federal Information Systems (NIST SP-800-53), or the Common Criteria (ISO 15408-2). Such organizations operate business or mission critical systems where a lack of or lapse in security protections translates to serious confidentiality, integrity, and availability risks that, if exploited, could result in information disclosure, loss of money, or, at worst, loss of life. To mitigate these risks and ensure that their information systems meet regulatory standards, organizations must be able to (a) contextualize regulatory documents in a way that extracts the relevant technical implications for their systems, (b) formally represent their systems and demonstrate that they meet the extracted requirements following an accreditation process, and (c) ensure that all third-party systems, which may exist outside of the information system enclave as web or cloud services also implement appropriate security measures consistent with organizational expectations. This paper introduces a step-wise process, based on semantic hierarchies, that systematically extracts relevant security requirements from control standards to build a certification baseline for organizations to use in conjunction with formal methods and service agreements for accreditation. The approach is demonstrated following a case study of all audit-related controls in the SP-800-53, ISO 15408-2, and related documents. Accuracy, applicability, consistency, and efficacy of the approach were evaluated using controlled qualitative and quantitative methods in two separate studies