Toward the Engineering of Security of Information Systems (ESIS): UML and the IS Confidentiality

Managing the security of information systems (SIS) is at once a tedious task and the cornerstone of business in a highly competitive environment. Successful control of the SIS in a business requires many years of experience, expertise and continuous improvement. This implies real know-how for the employees who are responsible for SIS control. This article focuses on the encapsulation of this know-how into UML models through profiles according to the meta-object facility (MOF) standards from the object management group (OMG). The main idea is to understand, manipulate and exploit this delicate and valuable know-how without being necessarily an expert on SIS. This challenge is threefold: firstly, to find a common language, as well as approaches and tools for Engineering of both IS and SIS; secondly, to generate earnings and make use of the enormous progress in Engineering of IS, to establish and improve Engineering of SIS; and thirdly, to achieve homogeneous management and follow-up of IT projects and their security. This paper presents the context of the Engineering of Security of Information Systems, its importance and the feasibility of this challenge.