SwePub

Result list for search "WFRF:(Hacks Simon 1988 ) "

Search: WFRF:(Hacks Simon 1988 )

  • Results 1-10 of 13
1.
  •  
2.
  • Daoudi, Sara, et al. (authors)
  • Discovering and Assessing Enterprise Architecture Debts
  • 2023
  • In: Complex Systems Informatics and Modeling Quarterly. - : Riga Technical University. - 2255-9922. ; 2023:35, pp. 1-29
  • Journal article (peer-reviewed)
    • The term Enterprise Architecture (EA) Debts has been coined to grasp the difference between the actual state of the EA and its hypothetical, optimal state. So far, different methods have been proposed to identify such EA Debts in organizations. However, these methods either are based on the transfer of known concepts from other domains to EA or are time and resource intensive. To overcome these shortcomings, we propose an approach that uses an interview format to identify EA Debts in enterprises and a method that allows a qualitative assessment of identified EA Debts. The proposed approach is supported by the designed framework that consists of an interview format and a process for determining thresholds of certain EA Smells.
  •  
3.
  • Ekstedt, Mathias, 1975-, et al. (authors)
  • Yet another cybersecurity risk assessment framework
  • 2023
  • In: International Journal of Information Security. - : Springer Nature. - 1615-5262 .- 1615-5270. ; :22, pp. 1713-1729
  • Journal article (peer-reviewed)
    • IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.
  •  
4.
  •  
5.
  • Hacks, Simon, 1988-, et al. (authors)
  • A First Validation of the Enterprise Architecture Debts Concept
  • 2023
  • In: Enterprise, Business-Process and Information Systems Modeling. - : Springer. - 9783031342417 - 9783031342400 ; , pp. 217-226
  • Conference paper (peer-reviewed)
    • The Enterprise Architecture (EA) discipline is now established in many companies. The architectures of these companies changed over time. They resulted from a long creation and maintenance process containing processes and services provided by legacy IT systems (e.g., systems, applications) that were reasonable when they were created but might now hamper the introduction of better solutions. To handle those legacies, we started researching on the notion of EA debts, which widens the scope of technical debts to organizational aspects. However, no studies have yet been conducted to validate if the concept of EA debts has a positive influence. Within this work, we have experimented with students of an EA course. Half of the students were taught the concept of EA debts, while the other half was taught about another topic simultaneously. Afterward, the students performed a modeling task graded by EA experts among the criteria of effectiveness, comprehensibility, minimality, and completeness. The analysis revealed no significant difference between the quality of the created models by the different student groups.
  •  
6.
  • Hacks, Simon, 1988-, et al. (authors)
  • A Multi-level Cyber-Security Reference Model in Support of Vulnerability Analysis
  • 2022
  • In: Enterprise Design, Operations, and Computing. - Cham : Springer. - 9783031176036 - 9783031176043 ; , pp. 19-35
  • Conference paper (peer-reviewed)
    • This paper reports on the second engineering cycle of a reference model for end-to-end cyber-security by design in the electricity sector. In our previous work, we proposed a reference model that relies on the integrated consideration of two fragmented, but complementary, reference models: NISTIR 7628 and powerLang. To align these reference models, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), and integrated modeling and programming. Within this paper, we strengthen the bottom-up design of the reference model’s application by integrating a semi-automated threat analysis. This enables the identification of possible points of improvement in the actual architecture design, as well as a future analysis of business-level impact of different threats. To demonstrate our approach, we rely on the well-studied Ukraine scenario from 2016.
  •  
7.
  • Hacks, Simon, 1988- (author)
  • Towards a Threat Modeling Language for Vessel Navigation and Port Call Optimization - harborLang
  • 2024
  • In: EMISA 2024 Enterprise Modelling and Information Systems Architectures. - : Gesellschaft für Informatik. - 9783885797432 ; , pp. 13-19
  • Conference paper (peer-reviewed)
    • This paper presents harborLang, a novel threat modeling language tailored for the maritime sector, built on the Meta Attack Language (MAL) framework. harborLang addresses the unique security challenges in maritime transport by enabling modeling and mitigation of potential threats. Through integrating specific maritime domain knowledge, harborLang empowers stakeholders to construct comprehensive threat models, enhancing decision-making and operational safety in seaports and vessel navigation.
  •  
8.
  • Kang, Eun-Young, et al. (authors)
  • Safety & Security Analysis of a Manufacturing System using Formal Verification and Attack-Simulation
  • 2023
  • In: 2023 12th Mediterranean Conference on Embedded Computing (MECO). - : IEEE conference proceedings. - 9798350322910 ; , pp. 1-8
  • Conference paper (peer-reviewed)
    • Key to reliable manufacturing systems is ensuring the trustworthiness of the decision-making and control mechanisms that supplant human control, i.e., systems need to remain safe while being resilient against functional failures, unpredictable changes, and cyber-security threats. We present a correct-by-construction approach to identify and analyze essential requirements that ensure the safety and security of a manufacturing system using a combination of System Theoretic Process Analysis (STPA)-based verification and attack simulation. This approach utilizes formal modeling and analysis to remove ambiguities in the requirement and specify safety properties that should be satisfied in system design. Potential safety hazards are identified using STPA-based model checking and possible cyber-security threats are diagnosed through attack simulation. Additional safety and security constraints inhibiting the hazards and threats are generated to improve the system design accordingly. Our approach is demonstrated on an autonomous assembly line system case study.
  •  
9.
  • Kinderen, Sybren de, et al. (authors)
  • A Reference Model and a Dedicated Method in Support of Cyber-Security by Design: Reality Check
  • 2023
  • In: Proceedings of the 13th International Workshop on Enterprise Modeling and Information Systems Architectures (EMISA 2023). - : CEUR.
  • Conference paper (peer-reviewed)
    • The electricity sector increasingly intertwines IT and the physical grid, increasing the risk of cyberattacks on this critical infrastructure. Hitherto, we have developed a modeling method to support cyber-security by design in the electricity sector by providing (1) a multi-level reference model, (2) a semi-automated security assessment, and (3) a dedicated process model. In this paper, we focus on four challenges identified based on interactions with domain experts, namely: (1) automated model creation; (2) accounting for changing security requirements; (3) multi-level model management; and (4) incentives for modelers. These challenges are relevant to our modeling method and overlap with challenges on the practical uptake of modeling in general.
  •  
10.
  •  