Open AccessModel-based Framework for Change Management and Integrated Devlopment of Information Security
Author(s) -
Anna Medve
Publication year - 2018
Publication title -
international journal of management and information technology
Language(s) - English
Resource type - Journals
ISSN - 2278-5612
DOI - 10.24297/ijmit.v5i3.759
Subject(s) - computer science , traceability , process management , software engineering , business process , sherwood applied business security architecture , model driven architecture , business process model and notation , process (computing) , information security , knowledge management , business process modeling , systems engineering , unified modeling language , engineering , work in process , computer security , software security assurance , programming language , software , operations management , security service
This paper introduces a business process-based goal-oriented framework which consists of generic and specific model repositories, and of methodology for integrated change management of business and IT evolutions. Sets of generic models of ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in MDE process. The techniques and tools used are from the User Requirements Notation technologies for model compositions and traceability assessments of goal-oriented and scenario-based models. An example is given from the instantiation of framework for B2B change management with empirical validation within a commercial SME. The framework supports MDE process of enterprise architecture re-engineering integrating the development of information security.