Business Continuity Management (BCM) is a process to manage risks, emergencies, and recovery plans of an organization during a crisis. It results in a document called Business Continuity Plans (BCP) that specifies the methodology and procedures required to back up and recover the functional unit of a disrupted business. Traditionally, the BCP assessment is based only on the continuity of IS infrastructures and does not consider possible relations with the business objectives and business processes. This traditional approach assumes that the risk to business continuity results from the disruption of the IS infrastructures. However, we believe there are situations where the risk emerges even when the infrastructures are up and running. Moreover, the lack of a modeling framework and of tool support makes the process even harder. In this paper, we propose a framework to support modeling and analysis of BCP from the organization perspective, where risks and treatments are modeled and analyzed along strategic objectives and their realizations. An automated reasoner based on cost-benefit analysis techniques is proposed to elicit and then adopt the most cost-efficient plan. The approach is developed using the Tropos Goal-Risk Framework and the Time Dependency and Recovery Model as underlying frameworks. A Loan Originating Process case study is used as a running example to illustrate the proposal.