| Much attention has recently been devoted to security issues, and it has become apparent that a high security level should be a fundamental prerequisite for all business processes—both in the commercial and public sector. The steadily increasing number of reported security incidents indicates that organizations need additional help in addressing basic security issues, ranging from enterprise plans through software systems to operational practices.
In general, security is not adequately addressed in enterprises and the systems that they build and operate. One reason is that security covers a broad area: it is a big challenge to define secure business processes and to develop and operate the corresponding systems and applications securely. The situation is becoming more challenging because of the increasing openness of systems and enterprises, due largely to the rise of the Internet and e-business technologies. It is very difficult achieve security, especially in distributed environments, as there are many different organizations, individuals, technical components and mechanisms involved. In addition, trust relationships change frequently, which makes a complete analysis of security requirements very hard. As modern business processes become more and more complex, the overall problem space is no longer easily comprehensible for the people involved. |