SecEPM: A Security Engineering Process Model for Electronic Business Processes

Business process management (BPM) and accompanying systems allow organizations to react faster both to environmental and market changes. Therefore, BPM is widely applied in industry. Although organizations depend on the secure enactment of electronic business processes, existing BPM languages and techniques provide only little support for security. Several approaches have been proposed to close the gap for security in the domain of BPM. Nevertheless, an approach to develop secure electronic business processes systematically is still missing. In this paper, we provide the design as well as key entities of our Security Engineering Process Model (SecEPM) for electronic business processes. SecEPM guides security, business process, and domain experts through the development of secure business processes from the identification of security goals to the selection and configuration of security controls. It integrates security in the development life cycle of electronic business processes in a flexible way, thus allowing for a secure, adaptable organization.