Part 1: The International Cross Domain Conference (CD-ARES 2016)International audienceThe pervasive growth and diffusion of complex IT systems, which handle critical business aspects of today’s enterprises and which cooperate through computer networks, has given rise to a significant expansion of the exposure surface towards cyber security threats. A threat, affecting a given IT system, may cause a ripple effect on the other interconnected systems often with unpredictable consequences. This type of exposition, known as cyber systemic risk, is a very important concern especially for the international banking system and it needs to be suitably taken into account during the requirement analysis of a bank IT system. This paper proposes the application of a goal-oriented methodology (GOReM), during the requirements specification phase, in order to consider adequate provisions for prevention and reaction to cyber systemic risk in banking systems. In particular, the context of the Italian banking system is considered as a case study
Summary
Cybersecurity compliance analysis is the process of assessing whether the behavior of an IT system or application conforms to the cybersecurity rules and regulations in force. This assessment can be offered as a service by exploiting available cloud technologies, and, indeed, it is one of the services classified by the Cloud Security Alliance (CSA) as part of the security information and event management (SIEM) category of the SecaaS (security as a service) domain. The definition and implementation of this typology of cloud services are challenging activities due to the complexity of both the reference business domain and the compliance analysis services to be provided themselves. The paper exploits a recently proposed requirements methodology, called GOReM (goal‐oriented requirements methodology), to support the conceptualization and subsequent implementation of cybersecurity compliance analysis services. In particular, two different application scenarios regarding compliance analysis of an existing or under development IT system/application are presented and discussed. In both the scenarios, GOReM allows to grasp and understand the many and complex issues to address for providing secure cloud services to worldwide customers, also due to the numerous, different and ever changing legal aspects, which have to be taken into account by service providers.
The aim of the ObNet model is to provide a framework for the design, development, maintenance and run-time support of large, long-lived, highly configurable systems for which the integration of different programming paradigms and environments plays a major role. The model defines some basic mechanisms which can be used in developing specialized software engineering environments for specific application domains. A system is a network of (multi-representation) objects; different specialized environments are different views over the network. Objects could be typed and are manipulated via methods; both types and methods are in turn objects. The concept of dependency between objects is supported and specialized to represent versions, instances, conversions and collections.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.