Use this URL to cite or link to this record in EThOS: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.549582
Title: E-business information systems security design paradigm and model
Author: Nachtigal, Sharon
Awarding Body: Royal Holloway, University of London
Current Institution: Royal Holloway, University of London
Date of Award: 2009
Abstract:
This thesis is concerned with a new approach to Information Systems Security management for an e-business organisation. One of the characteristics of a modern organisation (and especially of an e-business organisation) is the distribution of organisational resources and assets. Management of resources is also distributed between various hierarchical functions. With the move to an e-business mode, the number of users involved in business operations has increased, and these users (both inside and outside the organisation) need access to the organisation's information. Hence, the organisational IT perimeter has necessarily become much more frequently and easily crossed. Thus the modern business environment makes the effectiveness of the perimeter security approach highly questionable. The challenge addressed here is to develop a model for e-business security that provides an alternative approach to both the way security is viewed and the way it is designed and managed. The new paradigm (approach) for e-business organisation security suggested here is a business-process oriented security paradigm. The design of the novel paradigm and the development of the methodology rest on the belief that modern business and technological systems are complex dynamic systems. Security will then be achieved by focusing on a specified set of security requirements, and by securing the business logic and individual information flows of an e-process. Using the new security paradigm, a methodology for its implementation is presented, in the form of an e-Business Process Security Methodology (eBPSM), which identifies and describes the sequence of the phases that should be performed. Each phase is defined in terms of the level of the organisational hierarchy, professionals, tasks, outcomes, and phase specifics. The methodology was tested on a real-life case study of an aviation company. The company and its Information Systems were analysed, and the online ordering process served as the basis for a test implementation of the newly suggested methodology. An evaluation of the methodology and opinions on its feasibility were provided by information security professionals from academia and industry. The research is expected to contribute to both business and academia, at both a practical and a theoretical level. There are four main novel aspects of the work described in this thesis:
1. a new business process-based security paradigm is proposed;
2. modern business and technological systems are approached as complex dynamic systems;
3. an approach to information security design and management is proposed that focuses on business logic and the information flows of an e-process;
4. a new set of information security requirements is suggested.
Supervisor: Not available
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral
EThOS ID: uk.bl.ethos.549582
DOI: Not available