Modeling and Assessing the Impact of Security Attacks on Enterprise Information Systems
Information systems (IS) are considered a necessary component of the majority of corporate enterprises, since they ensure the storage, processing and exchange of enterprise data, which are the main functions of an IS composed of heterogeneous components including servers, networks, personnel, policies, etc. The success of an enterprise depends enormously on the quality of the deployed IS and on the capability of that system to react to internal and external factors that may prevent these functions from being carried out efficiently. Among the factors that may degrade the performance of an IS, and even cause the end of an enterprise's activity, are security attacks such as unauthorized access to IS components, denial of service, and loss of data integrity, which may target the different IS components in addition to the enterprise data. Therefore, a system for monitoring IS quality is among the urgent needs: it gives enterprises a tool that helps them detect possible degradation, localize the affected components, and then react efficiently to maintain an acceptable level of IS quality, thereby ensuring the appropriate services that guarantee the satisfaction of the enterprise's potential customers. In this context, the paper aims to provide a way to model an IS considering a set of appropriate parameters, and the steps needed to decide on information security investments. It introduces a Petri net-based model to specify and assess the impact of security attacks on corporate information system quality, provides a set of metrics to monitor the impact, and discusses the relationships that this impact may have with the degradation of business process success. The efficiency of the proposed scheme is evaluated through a simulation of a business process related to online sales.
Keywords: Information system quality, Security attack, System modeling, Petri nets, Monitoring, Assessment