Business & Information Systems Engineering
Document Type
Research Paper
Abstract
The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1) a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2) a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3) an elaborated evaluation, in terms of reporting on an additional design science cycle.
Recommended Citation
de Kinderen, Sybren; Kaczmarek-Heß, Monika; and Hacks, Simon
(2025)
"A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design,"
Business & Information Systems Engineering:
Vol. 67: Iss. 4, 511-530.
Available at:
https://aisel.aisnet.org/bise/vol67/iss4/5