The term security assurance has been used in the computer science literature to express theconfidence that one has in the strength of the security measures. The need for a methodology tomeasure current security assurance levels of a system has been reported in the literature as vital inorder to...

In today's world, where most of the critical infrastructures are based on distributed systems, security failures have become very common, even within large corporations. A system with security loopholes can be damaging for companies, both in terms of reputation and finances, while customers are...

Security is a major target for today’s information systems (IS) designers. Security modelling languages exist to reason on security in the early phases of IS development, when the most crucial design decisions are made. Reasoning on security involves analysing risk, and effectively...

Enterprise Systems potentially lead to significant efficiency gains but require a well-conducted configuration process. A promising idea to manage and simplify the configuration process is based on the premise of using reference models for this task. Our paper continues along this idea and...