The Baltic-German Liaison Office granted funding for a joint application submitted by the universities of Tartu (Estonia), Riga (Latvia) and Rostock. The project on „ Improvement of IT-Security in Enterprises based on Process Analysis and Risk Patterns “ will start in January 2015 and have a runtime of one year.
The importance of introducing security engineering practices early in the development of information systems has been acknowledged. A new approach for security requirements elicitation from business processes (SREBP) supports identification of a complete set of security requirements in an efficient way. This contributes to improving IT-security in enterprises and secured enterprise architectures. The main goal of the project is to transfer this approach to the practice of small and medium-sized enterprises (SME) and to incorporate it into enterprise architecture development cycle, creating a set of guidelines. In order to illustrate its usefulness and completeness for engineering security requirements, real-world application cases will be used.