
A Framework for the Visualisation of Cyber Security Requirements and its Application in BPMN

Zhou, B, Maines, CL, Tang, SO and Shi, Q (2018) A Framework for the Visualisation of Cyber Security Requirements and its Application in BPMN. In: Parkinson, S, Crampton, A and Hill, R, (eds.) Guide to Vulnerability Analysis for Computer Networks and Systems. Springer, pp. 339-366. ISBN 978-3-319-92624-7

A Framework for the Visualisation of Cyber Security Requirements and its Application in BPMN.pdf - Accepted Version
Restricted to Repository staff only


Abstract

Security requirements are the fundamental component in designing and defending IT systems against cyber attacks. Yet in practice they are every so often overlooked, owing to the lack of expertise and of a technical approach to capture and model these requirements effectively. It is not helped by the fact that many companies, especially SMEs, tend to focus on the functionality of their business processes first, before considering security as an afterthought. New extensions for modelling cyber security requirements in Business Process Model and Notation (BPMN) have been proposed in the past to address this issue. In this chapter, we analyse existing extensions and identify the notational issues present within each of them. We discuss how there is as yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, a new framework is proposed that can be used to extend, visualise and verify cyber security requirements not only in BPMN, but in any other existing modelling language. We investigate a new approach to modelling security and propose a solution that overcomes current issues whilst still providing functionality to include all concepts potentially modellable in BPMN related to cyber security. The framework utilises a "what you see is what you get" approach to allow intuitive modelling of rather complicated security concepts. It increases human understanding of the security requirements while minimising the cognitive load. We detail how we implemented our solution along with the novel approach our application takes to current challenges.

Item Type: Book Section
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions: Computer Science & Mathematics
Publisher: Springer
Date Deposited: 27 Sep 2018 08:20
Last Modified: 03 Sep 2021 23:38
Editors: Parkinson, S, Crampton, A and Hill, R
URI: https://researchonline.ljmu.ac.uk/id/eprint/9335