Towards Process Centered Information Security Management - A Common View for Federated Business Processes and Personal Data Usage Processes

Erik Neitzel, Andreas Witt

Abstract

While comparing the progress of our two research projects of developing an information security management system (ISMS) for federated business process landscapes and the enhancement of security of social networks, we discovered a fundamental view congruency concerning the way information security can be handled. This paper deals with a conceptual framework which uses the ISO 27001 and the German BSI IT-Grundschutz Framework as a base for determining a methodology for a process based point of view towards information security management for both federated business processes within business applications and personal data usage processes within social networks. The proposed layers are (1) process layer, (2) application layer, (3) network layer, (4) IT systems layer and (5) infrastructure layer.

References

  1. Armando, A., Giunchiglia, E., Maratea, M., and Ponta, S. E. (2006). An action-based approach to the formal specification and automated analysis of business processes under authorization constraints. Journal of Computer and Systems Sciences: Special issue on Knowledge Representation and Reasoning, to appear.
  2. Arsac, W., Compagna, L., Kaluvuri, S. P., and Ponta, S. E. (2011). Security validation tool for business processes. In Proceedings of the 16th ACM symposium on Access control models and technologies, SACMAT 7811, pages 143-144, New York, NY, USA. 2011, ACM.
  3. Bognanni, M. (2008). Mein freund der datenhändler (datensicherheit in sozialen netzwerken). Retrieved from: http://www.stern.de/digital/online/datensicherheit-insozialen-netzwerken-mein-freund-der-datenhaendler636203.html.
  4. BSI (2009). Bsi-standard 100-1, 100-2, 100-3, 100-4.
  5. Dorrhauer, C. and Rö ckle, H. (2011). Messbarkeit der Sicherheitsqualität im Lebenszyklus betrieblicher Anwendungssysteme. In: Betriebliche Anwendungssysteme (Thomas Bartin, Burkhard Erdlenbruch, Frank Herrmann, Christian Müller), Proceedings of AKWI Symposium, Worms.
  6. Fredricksen, C. (2011). Facebook revenues to reach $4.27 billion in 2011. Retrieved from: http://www.emarketer.com/PressRelease.aspx?R=100 8601.
  7. Gaedke, M. and Turowski, K. (1999). Generic Web-Based Federation of Business Application Systems for ECommerce Applications. In: Engineering Federated Information Systems (S. Conrad, W. Hasselbring, G. Saake), Proceedings of the 2nd Workshop EFIS'99, K ühlungsborn (Germany).
  8. Goeken, M. (2006). Referenzmodelle für Betrieb und Entwicklung von Anwendungssystemen. In: Vorgehensmodelle und Projektmanagement - Assessment, Zertifizierung, Akkreditierung (H öhn, R. et al.), Proceedings of 14th Workshop of WI-VM Symposium GI, Aachen.
  9. Heidisch, M. and Pohlmann, P. D. N. (January 2012). Der Elektronische Datenbrief. Institut fü r InternetSicherheit - if(is), FH Gelsenkirchen.
  10. ISO/IEC (2009). International standard iso/iec 27000 first edition.
  11. Mirror (2011). Facebook hacker admits breaking into social network's servers. Retrieved from: http://www.mirror.co.uk/news/technologyscience/technology/facebook-hacker-admits-break ing-into-social-96681.
  12. M örl, C. and Groß, M. (2008). Soziale Netzwerke im Internet - Analyse der Monitarisierungsmöglichkeiten und Entwicklung eines intergrierten Geschäftsmodells. Verlag Werner H ülsbusch, Boizenburg.
  13. Nowey, T. and Sitzberger, S. (2006). Lernen vom Business Engineering - Ansätze fuer ein systematisches, modellgestuetztes Vorgehensmodell zum Sicherheitsmanagement. In: Multikonferenz Wirtschaftsinformatik 2006 (Lehner, Franz und Nö sekabel, Holger und Kleinschmidt, Peter). Proceedings 2. Gito, Berlin.
  14. Schwotzer, T. (2011). Distributed Context Space (DCS) - foundation of semantic P2P systems. 3rd International ICST Conference on IT Revolutions, Cordoba / Spain.
  15. Walton, M. (1988). Deming Management Method. Perigee Trade.
Download


Paper Citation


in Harvard Style

Neitzel E. and Witt A. (2012). Towards Process Centered Information Security Management - A Common View for Federated Business Processes and Personal Data Usage Processes . In Proceedings of the International Conference on Data Technologies and Applications - Volume 1: DATA, ISBN 978-989-8565-18-1, pages 189-192. DOI: 10.5220/0004050301890192


in Bibtex Style

@conference{data12,
author={Erik Neitzel and Andreas Witt},
title={Towards Process Centered Information Security Management - A Common View for Federated Business Processes and Personal Data Usage Processes},
booktitle={Proceedings of the International Conference on Data Technologies and Applications - Volume 1: DATA,},
year={2012},
pages={189-192},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004050301890192},
isbn={978-989-8565-18-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Data Technologies and Applications - Volume 1: DATA,
TI - Towards Process Centered Information Security Management - A Common View for Federated Business Processes and Personal Data Usage Processes
SN - 978-989-8565-18-1
AU - Neitzel E.
AU - Witt A.
PY - 2012
SP - 189
EP - 192
DO - 10.5220/0004050301890192