DEMO and Security
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
This thesis explores how security aspects within organizations can be addressed at a very high level: an ontological level that encapsulates the construction and operation issues of organizations with no reference to implementation concerns. DEMO (Dynamic Engineering and Modeling for Organizations) was found to be the relevant methodology for this purpose. The thesis makes four main contributions. (1) First, it identifies the thread that connects DEMO with security. It does so through a thorough study of information systems security issues and of DEMO. The research presents the current state of the information systems security field and concludes by pointing out the connection between DEMO and security: responsibility. (2) Second, based on the results of that investigation, it analyses various approaches to modeling security that start from responsibility, with emphasis on their strengths, weak points, similarities and differences. (3) Third, it performs a critical analysis of DEMO from a security perspective. The findings are analyzed and discussed, and DEMO’s approach to responsibility is compared with the previously analyzed responsibility-based security modeling approaches. The results of this comparison constitute the (4) fourth contribution of the thesis: a starting point for modeling security within DEMO. Two case studies will be used to illustrate the proposed method.