Title :
SecEPM: A Security Engineering Process Model for Electronic Business Processes
Author_Institution :
Fraunhofer Inst. for Secure Inf. Technol. (SIT), Darmstadt, Germany
Abstract :
Business process management (BPM) and accompanying systems allow organizations to react faster both to environmental and market changes. Therefore, BPM is widely applied in industry. Although organizations depend on the secure enactment of electronic business processes, existing BPM languages and techniques provide only little support for security. Several approaches have been proposed to close the gap for security in the domain of BPM. Nevertheless, an approach to develop secure electronic business processes systematically is still missing. In this paper, we provide the design as well as key entities of our Security Engineering Process Model (SecEPM) for electronic business processes. SecEPM guides security, business process, and domain experts through the development of secure business processes from the identification of security goals to the selection and configuration of security controls. It integrates security in the development life cycle of electronic business processes in a flexible way, thus allowing for a secure, adaptable organization.
Keywords :
business data processing; organisational aspects; security of data; BPM languages; SecEPM; business process management; electronic business processes; environmental changes; market changes; organizations; security controls; security engineering process model; Adaptation models; Analytical models; Catalogs; Organizations; Process control; Security; Business Process Management; Development Life Cycle; Security Engineering;
Conference_Titel :
e-Business Engineering (ICEBE), 2012 IEEE Ninth International Conference on
Conference_Location :
Hangzhou
Print_ISBN :
978-1-4673-2601-8
DOI :
10.1109/ICEBE.2012.41
