This article introduces POSeM, a method that uses business process descriptions to derive appropriate security safeguards. This is achieved by assigning security levels to the components of a business process, such as actors, artefacts, and activities, using a specially developed description language. These levels are checked for consistency, and security measures are derived using a configurable rule base that maps security objectives to safeguards. The use of POSeM in practice is illustrated by an application to electronic business, namely the process of publishing information on a company's website. Both the advantages of POSeM and its possible refinements are discussed.