Abstract
We report on work in capturing cybersecurity requirements for cloud-based and IoT-enabled multi-sided platforms (MSPs). Our approach is designed to capture security aspects related to business rules and constraints of MSPs, thus shaping the platform’s behaviour and the participants’ interaction and leading towards safer enterprise interoperability. We design the MSPs Privacy Requirements Framework and the MSPs Security Architecture, in order to cater for specific use case-centric and platform-centric cybersecurity requirements. To ensure compliance with the upcoming GDPR, we discuss the mapping between elicited cybersecurity requirements and GDPR rules. The new GDPR is expected to have significant implications on businesses in the EU, and our approach is designed to achieve full compliance with it.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Damjanovic-Behrendt, V. (2019). Cybersecurity Requirements for Supporting Enterprise Interoperability of Multi-sided Platforms. In: Popplewell, K., Thoben, KD., Knothe, T., Poler, R. (eds) Enterprise Interoperability VIII. Proceedings of the I-ESA Conferences, vol 9. Springer, Cham. https://doi.org/10.1007/978-3-030-13693-2_1
DOI: https://doi.org/10.1007/978-3-030-13693-2_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-13692-5
Online ISBN: 978-3-030-13693-2
eBook Packages: Engineering, Engineering (R0)