Model-based Framework for Change Management and Integrated  Devlopment of Information Security

Anna Medve

doi:10.24297/ijmit.v5i3.759

Authors

Anna Medve Department of Electrical Engineering and Information Systems, University of Pannonia, VeszprÃ©m, Hungary

DOI:

https://doi.org/10.24297/ijmit.v5i3.759

Keywords:

Business and IT alignment, Change Management, Standard-based Information Security Engineering, End-user Development, User Requirements Notation, Business Process Modelling, Model Driven Engineering

Abstract

This paper introduces a business process-based goal-oriented framework which consists of generic and specific model repositories, and of methodology for integrated change management of business and IT evolutions. Sets of generic models of ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in MDE process. The techniques and tools used are from the User Requirements Notation technologies for model compositions and traceability assessments of goal-oriented and scenario-based models. An example is given from the instantiation of framework for B2B change management with empirical validation within a commercial SME. The framework supports MDE process of enterprise architecture re-engineering integrating the development of information security.