Cybersecurity Requirements for Supporting Enterprise Interoperability of Multi-sided Platforms

Damjanovic-Behrendt, Violeta

doi:10.1007/978-3-030-13693-2_1

Cybersecurity Requirements for Supporting Enterprise Interoperability of Multi-sided Platforms

Violeta Damjanovic-Behrendt⁵

Conference paper
First Online: 26 April 2019

1049 Accesses

Part of the book series: Proceedings of the I-ESA Conferences ((IESACONF,volume 9))

Abstract

We report on work in capturing cybersecurity requirements for cloud-based and IoT-enabled multi-sided platforms (MSPs). Our approach is designed to capture security aspects related to business rules and constraints of MSPs, thus shaping the platform’s behaviour and the participants’ interaction and leading towards safer enterprise interoperability. We design the MSPs Privacy Requirements Framework and the MSPs Security Architecture, in order to cater for specific use case-centric and platform-centric cybersecurity requirements. To ensure compliance with the upcoming GDPR, we discuss the mapping between elicited cybersecurity requirements and GDPR rules. The new GDPR is expected to have significant implications on businesses in the EU, and our approach is designed to achieve full compliance with it.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Hardcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

Hagiu, A., & Wright, J. (2011). Multi-sided platforms. Working Paper 12-024. Boston, MA: Harvard Business School.
Google Scholar
Hagiu, A., & Wright, J. (2008). Multi-sided platforms: From microfoundations to design and expansion strategies. Working Paper 09-115. Boston, MA: Harvard Business School.
Google Scholar
Evans, D. S. (2009). How catalysts ignite: The economics of platform-based start-ups. In A. Gawer (Ed.), A platform, markets and innovation (pp. 99–130). Cheltenham and Northampton, US: Edward Elgar.
Google Scholar
Tiwana, A. (2014). Platform ecosystems, aligning architecture, governance, and strategy. Amsterdam: Morgan Kaufmann.
Google Scholar
Staykova, K., & Damsgaard, J. (2016). Adoption of mobile payment platforms: Managing reach and range. Jounal of Theoretical and Applied Electronic Commerce Research. ISSN 0718-1876.
Google Scholar
ISO/IEC 27000:2009 (E). (2009). Information technology—Security techniques—Information security management systems—Overview and vocabulary. ISO/IEC.
Google Scholar
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980). Online: http://bit.ly/2xfYFv3. Last Access September 2017.
World Privacy Forum. (2008). A brief introduction to fair information practices. Online: http://bit.ly/2xmslsb. Last Access September 2017.
Gürses, S., Tronsoco, C., & Diaz, C. (2011). Engineering privacy by design. COSIC 2011. Online: https://www.esat.kuleuven.be/cosic/publications/article-2589.pdf.
Warren, T. (2017). Microsoft finally reveals what data Windows 10 really collects. Online available from: http://bit.ly/2EJRrC2. Last Access October 2017.
Boomi, D. (2017). How Windows 10 data collection trades privacy for security. Online: http://bit.ly/2gQyhAK. Last Access October 2017.
Microsoft whitepaper. (2017). Beginning your General Data Protection Regulations (GDPR) Journey for Windows 10. (2017). Online available: http://bit.ly/2iRu1p2.
Amini, M. (1993). Formal methods for information security. Online: http://bit.ly/2mxvb6Y.
Martin, A., Lyle, J., & Namilkuo, C. (2012). Provenance as a security control. In Proceedings of the 4th USENIX conference on theory and practice of provenance, USA.
Google Scholar
Sultana, S., Bertino, E., & Shehab, M. (2011). A provenance based mechanism to identify malicious packet dropping adversaries in sensor networks. ICDCSW, 2011, 332–338.
Google Scholar
Overview of the GDPR. (2017). Online: http://bit.ly/29lxF0U.
Innerbichler, J., Gonul, S., Damjanovic-Behrendt, V., Mandler, B., & Strohmeier, F. (2017). NIMBLE collaboration platform: Microservice architectural approach to federated IoT. In Proceedings of the 1st Global IoT Summit 2017 (GIoTS’17), Switzerland.
Google Scholar
NIMBLE D6.1. (2017). Security and privacy requirements. Project Deliverable. (To appear: https://www.nimble-project.org/deliverables/).
Shostack, A. (2014). Threat modelling. Designing for security. USA: Wiley.
Google Scholar

Download references

Author information

Authors and Affiliations

Salzburg Research, Jakob Haringer Str. 5/II, 5020, Salzburg, Austria
Violeta Damjanovic-Behrendt

Authors

Violeta Damjanovic-Behrendt
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Violeta Damjanovic-Behrendt .

Editor information

Editors and Affiliations

Future Manufacturing Applied Research Centre, Coventry University, Coventry, UK
Keith Popplewell
BIBA, Universität Bremen, Bremen, Germany
Klaus-Dieter Thoben
Business Process and Factory Management, Fraunhofer IPK, Berlin, Germany
Thomas Knothe
Higher Polytechnic School of Alcoy, Polytechnic University of Valencia, Alcoy, Alicante, Spain
Raúl Poler

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Damjanovic-Behrendt, V. (2019). Cybersecurity Requirements for Supporting Enterprise Interoperability of Multi-sided Platforms. In: Popplewell, K., Thoben, KD., Knothe, T., Poler, R. (eds) Enterprise Interoperability VIII. Proceedings of the I-ESA Conferences, vol 9. Springer, Cham. https://doi.org/10.1007/978-3-030-13693-2_1

Download citation

DOI: https://doi.org/10.1007/978-3-030-13693-2_1
Published: 26 April 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-13692-5
Online ISBN: 978-3-030-13693-2
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics