Securing airline-turnaround processes using security risk-oriented patterns

Abstract

Security risk management is an important part of system development. Given that a majority of modern organisations rely heavily on information systems, security plays a big part in ensuring smooth operations of business processes. For example, many people rely on eservices offered by banks and medical establishments. Inadequate security measures in information systems have unwanted effects on an organisation’s reputation and on people’s lives. In this case study research paper, we target the secure system development problem by suggesting the application of security risk oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the efforts needed for risk analysis. These security risk oriented patterns are applied on business processes from an aviationturnaround system. In this paper, we report our experience to derive security requirements to mitigate security risks in distributed systems.