DocumentCode :
3069252
Title :
The Process of Engineering of Security of Information Systems (ESIS): The Formalism of Business Processes
Author :
Goudalo, Wilson ; Seret, Dominique
Author_Institution :
Res. Center in Inf. of Paris CRIP5, Paris Descartes Univ., Paris, France
fYear :
2009
fDate :
18-23 June 2009
Firstpage :
105
Lastpage :
113
Abstract :
Companies and organizations face tough competition and increasing regulatory and legal constraints. Therefore, the use of security risk management is evolving and becoming more and more important in companies and organizations. We define engineering of security of information systems as a process whose aim is to guarantee the global security of information systems, in their ecosystem, in order to meet the stakes of companies. After our article focused on the encapsulation of security know-how into UML profiles, we focus this work on presenting the process of engineering of security in the formalism of business processes. The main idea is to win the adherence of all stakeholders of the enterprise to the security problem. To meet these pragmatic and current needs of companies and organizations, we suggest an approach to engineering of security that is, firstly, based on the standards and good practices of security and, secondly, inspired by the best practices and feedback from advances in the engineering of information systems. This paper shows the feasibility of mapping the process of engineering of security of information systems into the formalism of business processes, and presents the concepts of engineering of security of information systems using the foundations and models of information systems engineering.
Keywords :
Unified Modeling Language; business data processing; information systems; risk management; security of data; UML profile; business process formalism; engineering-of-security; information system; legal constraint; security risk management; Companies; Encapsulation; Information security; Information systems; Law; Legal factors; Management information systems; Risk management; Systems engineering and theory; Unified modeling language; Business Process Formalism; Engineering Process; Enterprise Architecture; Information Systems Security Engineering; Information Systems Urbanization; UML;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference on
Conference_Location :
Athens, Glyfada
Print_ISBN :
978-0-7695-3668-2
Type :
conf
DOI :
10.1109/SECURWARE.2009.24
Filename :
5211029