SwePub

Result list for search "(WFRF:(Hacks Simon 1988 )) srt2:(2023)"

Search: (WFRF:(Hacks Simon 1988 )) > (2023)

  • Results 1-9 of 9
1.
  •  
2.
  • Daoudi, Sara, et al. (author)
  • Discovering and Assessing Enterprise Architecture Debts
  • 2023
  • In: Complex Systems Informatics and Modeling Quarterly. - : Riga Technical University. - 2255-9922. ; 2023:35, pp. 1-29
  • Journal article (peer-reviewed), abstract:
    • The term Enterprise Architecture (EA) Debts has been coined to grasp the difference between the actual state of the EA and its hypothetical, optimal state. So far, different methods have been proposed to identify such EA Debts in organizations. However, these methods either are based on the transfer of known concepts from other domains to EA or are time and resource intensive. To overcome these shortcomings, we propose an approach that uses an interview format to identify EA Debts in enterprises and a method that allows a qualitative assessment of identified EA Debts. The proposed approach is supported by the designed framework that consists of an interview format and a process for determining thresholds of certain EA Smells.
  •  
3.
  • Ekstedt, Mathias, 1975-, et al. (author)
  • Yet another cybersecurity risk assessment framework
  • 2023
  • In: International Journal of Information Security. - : Springer Nature. - 1615-5262 .- 1615-5270. ; :22, pp. 1713-1729
  • Journal article (peer-reviewed), abstract:
    • IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.
  •  
4.
  • Hacks, Simon, 1988-, et al. (author)
  • A First Validation of the Enterprise Architecture Debts Concept
  • 2023
  • In: Enterprise, Business-Process and Information Systems Modeling. - : Springer. - 9783031342417 - 9783031342400 ; , pp. 217-226
  • Conference paper (peer-reviewed), abstract:
    • The Enterprise Architecture (EA) discipline is now established in many companies. The architectures of these companies changed over time. They resulted from a long creation and maintenance process containing processes and services provided by legacy IT systems (e.g., systems, applications) that were reasonable when they were created but might now hamper the introduction of better solutions. To handle those legacies, we started researching on the notion of EA debts, which widens the scope of technical debts to organizational aspects. However, no studies have yet been conducted to validate if the concept of EA debts has a positive influence. Within this work, we have experimented with students of an EA course. Half of the students were taught the concept of EA debts, while the other half was taught about another topic simultaneously. Afterward, the students performed a modeling task graded by EA experts among the criteria of effectiveness, comprehensibility, minimality, and completeness. The analysis revealed no significant difference between the quality of the created models by the different student groups.
  •  
5.
  • Kang, Eun-Young, et al. (author)
  • Safety & Security Analysis of a Manufacturing System using Formal Verification and Attack-Simulation
  • 2023
  • In: 2023 12th Mediterranean Conference on Embedded Computing (MECO). - : IEEE conference proceedings. - 9798350322910 ; , pp. 1-8
  • Conference paper (peer-reviewed), abstract:
    • Key to reliable manufacturing systems is ensuring the trustworthiness of the decision-making and control mechanisms that supplant human control, i.e., systems need to remain safe while being resilient against functional failures, unpredictable changes, and cyber-security threats. We present a correct-by-construction approach to identify and analyze essential requirements that ensure the safety and security of a manufacturing system using a combination of System Theoretic Process Analysis (STPA)-based verification and attack simulation. This approach utilizes formal modeling and analysis to remove ambiguities in the requirement and specify safety properties that should be satisfied in system design. Potential safety hazards are identified using STPA-based model checking and possible cyber-security threats are diagnosed through attack simulation. Additional safety and security constraints inhibiting the hazards and threats are generated to improve the system design accordingly. Our approach is demonstrated on an autonomous assembly line system case study.
  •  
6.
  • Kinderen, Sybren de, et al. (author)
  • A Reference Model and a Dedicated Method in Support of Cyber-Security by Design: Reality Check
  • 2023
  • In: Proceedings of the 13th International Workshop on Enterprise Modeling and Information Systems Architectures (EMISA 2023). - : CEUR.
  • Conference paper (peer-reviewed), abstract:
    • The electricity sector increasingly intertwines IT and the physical grid, increasing the risk of cyberattacks on this critical infrastructure. Hitherto, we have developed a modeling method to support cyber-security by design in the electricity sector by providing (1) a multi-level reference model, (2) a semi-automated security assessment, and (3) a dedicated process model. In this paper, we focus on four challenges identified based on interactions with domain experts, namely: (1) automated model creation; (2) accounting for changing security requirements; (3) multi-level model management; and (4) incentives for modelers. These challenges are relevant to our modeling method and overlap with challenges on the practical uptake of modeling in general.
  •  
7.
  •  
8.
  • Raavikanti, Sashikanth, et al. (author)
  • A Recommender Plug-in for Enterprise Architecture Models
  • 2023
  • In: Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 2, ICEIS 2023. - : INSTICC. - 9789897586484 ; , pp. 474-480
  • Conference paper (peer-reviewed), abstract:
    • IT has evolved over the decades, where its role and impact have transitioned from being a tactical tool to a more strategic one for driving business strategies to transform organizations. The right alignment between IT strategy and business has become a compelling factor for Chief Information Officers and Enterprise Architecture (EA) in practice is one of the approaches where this alignment can be achieved. Enterprise Modeling complements EA with models that are composed of enterprise components and relationships, that are stored in a repository. Over time, the repository grows which opens up research avenues to provide data intelligence. Recommender Systems is a field that can take different forms in the modeling domain and each form of recommendation can be enhanced with sophisticated models over time. Within this work, we focus on the latter problem by providing a recommender architecture framework that eases the integration of different Recommender Systems. Thus, researchers can easily compare the performance of different recommender systems for EA models. The framework is developed as a distributed plugin for Archi, a widely used modeling tool to create EA models in the ArchiMate notation.
  •  
9.
  • Widel, Wojciech, et al. (author)
  • The meta attack language - a formal description
  • 2023
  • In: Computers & security (Print). - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 130
  • Journal article (peer-reviewed), abstract:
    • Nowadays, IT infrastructures are involved in making innumerable aspects of our lives convenient, starting with water or energy distribution systems, and ending with e-commerce solutions and online banking services. In the worst case, cyberattacks on such infrastructures can paralyze whole states and lead to losses in terms of both human lives and money. One of the approaches to increase security of IT infrastructures relies on modeling possible ways of compromising them by potential attackers. To facilitate creation and reusability of such models, domain-specific languages (DSLs) can be created. Ideally, a user will employ a DSL for modeling their infrastructure of interest, with the domain-specific threats and attack logic being already encoded in the DSL by the domain experts. The Meta Attack Language (MAL) has been introduced previously as a meta-DSL for development of security-oriented DSLs. In this work, we define formally the syntax and a semantics of MAL to ease a common understanding of MAL’s functionalities and enable reference implementations on different technical platforms. Its applicability for modeling and analysis of security of IT infrastructures is illustrated with an example.
  •  