Economic globalization leads to complex decentralized company structures that call for the extensive use of distributed IT systems. The business processes of a company have to reflect these changes of infrastructure. In particular, due to new electronic applications and the inclusion of a higher number of (potentially unknown) persons, the business processes are more vulnerable to malicious attacks than traditional processes. Thus, a business should undergo a security analysis. In this analysis, the vulnerabilities of the business process are identified, the risks resulting from the vulnerabilities are calculated, and suitable safeguards reducing the vulnerabilities are selected. Unfortunately, a security analysis tends to be complex and requires expensive security expert support. In order to reduce the expense and to enable domain experts with in-depth insight into business processes but with limited knowledge about security to develop secure business processes, we developed the framework MoSSBP, which facilitates the handling of business process security requirements from their specification to their realization. In particular, MoSSBP provides graphical concepts to specify security requirements, repositories of various mechanisms enforcing the security requirements, and a collection of reference models and case studies enabling the modification of the business processes. In this paper, the MoSSBP framework is presented. Additionally, we introduce a tool supporting the MoSSBP-related security analysis of business processes and the incorporation of safeguards. This tool is based on object-oriented process models and works with graph rewrite systems. Finally, we clarify the application of the MoSSBP framework by means of a business process for tender handling, which is provided with anonymity-preserving safeguards.