Listing by author "Sillaber, Christian"
- Conference paper: Managing legal compliance through security requirements across service provider chains: A case study on the German federal data protection act (INFORMATIK 2012, 2012). Sillaber, Christian; Breu, Ruth. Abstract: Future service customer-provider as well as inter-provider relationships will see the increased application of dynamic service composition providing a broad diversity of functions. However, currently existing deficiencies of processes and tools force service providers and service consumers to trade off profitability against security compliance. This is predominantly due to the ignorance or manual resolution of policy and configuration dependencies, caused by distinct terminologies and languages used at both the service provider and the service customer. We report on the research design for the Collaborative Security Requirement Management System (CoSeRMaS), a collaborative and semi-automated tool to manage, define and validate inter-organizational requirements. We demonstrate the capabilities of CoSeRMaS to establish and validate the legal compliance that is demanded by the German Bundesdatenschutzgesetz (BDSG) when two or more customers and providers exchange data as part of their service composition.
- Journal article: Security im Produkt-Lifecycle – Lästige Pflicht oder Chance? (Security in the product lifecycle: tiresome duty or opportunity?) (Informatik-Spektrum: Vol. 39, No. 5, 2016). Breu, Ruth; Sillaber, Christian; Brunner, Michael. Abstract: The networked structure of today's software products and complex customer-provider scenarios make an in-depth treatment of security in the product context unavoidable. Starting from the question of what distinguishes security properties from other requirements, our contribution briefly presents the methods and techniques needed to elicit and monitor security properties. Overall, we argue for a close integration of security considerations into the activities of the product lifecycle and point out the opportunities this brings for the quality management process as a whole.
- Journal article: Towards data-driven decision support for organizational IT security audits (it - Information Technology: Vol. 60, No. 4, 2018). Brunner, Michael; Sillaber, Christian; Demetz, Lukas; Manhart, Markus; Breu, Ruth. Abstract: As the IT landscape of organizations increasingly needs to comply with various laws and regulations, organizations manage a plethora of security-related data and have to verify the adequacy and effectiveness of their security controls through internal and external audits. Existing Governance, Risk and Compliance (GRC) approaches provide little support for auditors or are tailored to the needs of auditors and do not fully support required management activities of the auditee. To address this gap and move towards a holistic solution, a data-driven approach is proposed. Following the design science research paradigm, a data-driven approach for audit data management and analytics that addresses organizational needs as well as requirements for audit data analytics was developed. We contribute workflow support and associated data models to support auditing and security decision making processes. The evaluation shows the viability of the proposed IT artifact and its potential to reduce costs and complexity of security management processes and IT security audits. By developing a model and associated decision support workflows for the entire IT security audit lifecycle, we present a solution for both the auditee and the auditor. This is useful to developers of GRC tools, vendors, auditors and organizational decision makers.