Model-based Framework for Change Management and Integrated Development of Information Security

Abstract

This paper introduces a business process-based goal-oriented framework which consists of generic and specific model repositories, and of methodology for integrated change management of business and IT evolutions. Sets of generic models of ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in MDE process. The techniques and tools used are from the User Requirements Notation technologies for model compositions and traceability assessments of goal-oriented and scenario-based models. An example is given from the instantiation of framework for B2B change management with empirical validation within a commercial SME. The framework supports MDE process of enterprise architecture re-engineering integrating the development of information security