SI* Framework

The SI* Framework was initially developed as a security requirements analysis framework that supports requirement analysts/engineers in analyzing the security concerns of a system (especially an information/software system).

In recent years, there have been several initiatives aiming at formalizing the security management process, either as standards (e.g., ISO 27002, SAS 70), best practices (e.g., ISO 27001, COSO-ERM), or formal regulations (e.g., HIPAA, EU Data Protection Directive). What is often missing is a process and framework to govern security initiatives/programs at the organizational level. The SI* Framework is developed as a comprehensive method to manage the security Governance, Risk, and Compliance (GRC) of a system; it provides analysts & designers with:

  • a modeling framework based on a prominent requirements engineering framework, i*, extended with specific concepts related to security & GRC concerns (e.g., trust, permission, risk, and treatment);
  • a methodological process defining systematic steps for analyzing and designing security controls relevant to a particular organizational setting. This process treats business goals and processes as the center of the analysis and design process;
  • analytical techniques to verify that certain security properties are satisfied or that the risk level is acceptable;
  • a CASE tool, namely the SI* Tool, to support analysts & designers in using the framework.
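As an added illustration (not code from the SI* Tool or its authors), the following Python sketch shows the kind of analytical check the third bullet describes, over a cut-down model built from the first bullet's concepts: actors, permission delegations, trust relations, and a residual risk level per goal. The model structure, the checked property (every permission delegation is backed by a matching trust relation) and the 0..1 risk scale are assumptions for this example, not the framework's defined semantics.

```python
from dataclasses import dataclass, field

@dataclass
class Model:
    """A cut-down SI*-style model (assumed structure, not the SI* Tool's own format)."""
    actors: set
    # (delegator, delegatee, goal): delegator hands permission on goal to delegatee
    permission_delegations: set = field(default_factory=set)
    # (trustor, trustee, goal): trustor trusts trustee to act on goal
    trust: set = field(default_factory=set)
    # goal -> residual risk after treatment, on a constructed 0..1 scale
    residual_risk: dict = field(default_factory=dict)

def untrusted_delegations(model):
    """Permission delegations with no matching trust relation: the delegator
    grants a permission it does not trust the delegatee to use."""
    return sorted(d for d in model.permission_delegations if d not in model.trust)

def unknown_actors(model):
    """Delegations or trust relations that refer to actors absent from the model."""
    rels = model.permission_delegations | model.trust
    return sorted({a for (x, y, _) in rels for a in (x, y) if a not in model.actors})

def goals_over_risk(model, acceptable=0.3):
    """Goals whose residual risk exceeds the acceptable level."""
    return sorted(g for g, r in model.residual_risk.items() if r > acceptable)

def analyze(model, acceptable=0.3):
    """Run all checks; an empty dict means the model passes."""
    findings = {
        "untrusted_delegations": untrusted_delegations(model),
        "unknown_actors": unknown_actors(model),
        "goals_over_risk": goals_over_risk(model, acceptable),
    }
    return {k: v for k, v in findings.items() if v}

def sample_model():
    """Constructed example: a patient record handled by a doctor and a lab."""
    return Model(
        actors={"Patient", "Doctor", "Lab"},
        permission_delegations={
            ("Patient", "Doctor", "access_record"),
            ("Doctor", "Lab", "access_record"),   # no trust relation backs this
        },
        trust={("Patient", "Doctor", "access_record")},
        residual_risk={"record_confidential": 0.5, "record_available": 0.1},
    )

if __name__ == "__main__":
    for check, hits in analyze(sample_model()).items():
        print(f"{check}: {hits}")
```

Raising the acceptable risk level silences the risk finding but not the unbacked delegation, which is a structural defect of the model rather than a matter of risk appetite.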