Business Process-Based Resource Importance Determination

Authors:
Stefan Fenz;Andreas Ekelhart;Thomas Neubauer
Affiliations:
Institute of Software Technology and Interactive Systems, Vienna University of Technology, Vienna, Austria A-1040;Secure Business Austria, Vienna, Austria A-1040;Secure Business Austria, Vienna, Austria A-1040
Venue:
BPM '09 Proceedings of the 7th International Conference on Business Process Management
Year:
2009

Citing 10
Cited 1

One approach to risk assessment

Computers and Security
Business process redesign: a Petri-net-based approach

Computers in Industry - Special double issue: WET ICE '95
Process-oriented architectures for electronic commerce and interorganizational workflow

Information Systems
The CORAS Framework for a Model-Based Risk Management Process

SAFECOMP '02 Proceedings of the 21st International Conference on Computer Safety, Reliability and Security
Ad-hoc workflow: problems and solutions

DEXA '97 Proceedings of the 8th International Workshop on Database and Expert Systems Applications
Generic Workflow Models: How to Handle Dynamic Change and Capture Management Information?

COOPIS '99 Proceedings of the Fourth IECIS International Conference on Cooperative Information Systems
The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers

International Journal of Electronic Commerce
Product-Based Workflow Design

Journal of Management Information Systems
Risk Assessment Method Based on Business Process-Oriented Asset Evaluation for Information System Security

ICCS '07 Proceedings of the 7th international conference on Computational Science, Part III: ICCS 2007
Analyzing Business Continuity through a Multi-layers Model

BPM '08 Proceedings of the 6th International Conference on Business Process Management

Mission Assurance Challenges within the Military Environment

International Journal of Interdisciplinary Telecommunications and Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

Information security risk management (ISRM) heavily depends on realistic impact values representing the resources' importance in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources' importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore, this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments.