Abstract
The security policy should contain all the information necessary to make proper security decisions. The rules and needs for specific security measures and methods should be explained in understandable way. None of the existing security mechanisms can guarantee complete protection against threats. In extreme cases, improperly used security mechanisms can lower the level of protection, giving the impression of security that is actually lacking. To enable simple and automated definition of security procedures for IT system of a company or organization, available not only to qualified IT professionals, e.g. system administrators, but also to the company's management staff, it was decided to create an Intelligent System for Automation and Analysis of Security Procedures (iSPA). The paper presents the proposal of use the developed domain language, named 'spa-lang' for configuration and management of security procedures in security system engineering based on BPMN (Business Process Model and Notation) standard.
Recommended Citation
Krym, Tomasz; Poniszewska-Marańda, Aneta; Chomątek, Łukasz; and Chłapiński, Jakub, "Configuration and management of security procedures with dedicated ‘spa-lang’ domain language in security engineering" (2022). WISP 2022 Proceedings. 16.
https://aisel.aisnet.org/wisp2022/16