Capturing cybersecurity requirements when designing multi-sided platforms can be quite a lot of work, and it usually needs to be done in a limited timeframe. One of my research papers, presented in March 2018 at the I-ESA conference in Berlin, reports on requirements elicitation in the context of a B2B platform that is being developed in a European research project called NIMBLE (Collaborative Network for Industry, Manufacturing, Business and Logistics in Europe). Read the story here: “Two NIMBLE research papers. One award at I-ESA 2018 in Berlin.”
The paper is now available through the Springer Proceedings of the I-ESA conferences “Enterprise Interoperability VIII”. You can easily find my chapter in the book – it’s the first one: https://www.springer.com/gp/book/9783030136925
We report on work in capturing cybersecurity requirements for cloud-based and IoT-enabled multi-sided platforms (MSPs). Our approach is designed to capture security aspects related to business rules and constraints of MSPs, thus shaping the platform’s behaviour and the participants’ interaction and leading towards safer enterprise interoperability. We design the MSPs Privacy Requirements Framework and the MSPs Security Architecture, in order to cater for specific use case-centric and platform-centric cybersecurity requirements. To ensure compliance with the upcoming GDPR, we discuss the mapping between elicited cybersecurity requirements and GDPR rules. The new GDPR is expected to have significant implications on businesses in the EU, and our approach is designed to achieve full compliance with it.