Title :
A taxonomy for assessing security in business process modelling
Author :
Ahmed, Nova ; Matulevicius, Raimundas
Author_Institution :
Inst. of Comput. Sci., Univ. of Tartu, Tartu, Estonia
Abstract :
The idea of business processes as a key concept to underpin organisational activities are increasingly recognised. Business processes must be able to accommodate security engineering from the early stages rather at the later stages of process development (i.e., design and implementation). This raises a question whether the business processes are performed securely. In this paper, we take a deeper look into the various taxonomies in which the business process models and security have been classified. We find that existing taxonomies do not support security across all the business modelling perspectives. The main contribution of this paper is that we propose a comprehensive three dimensional taxonomy of business process security which identifies the manner to facilitates business processes and security. This taxonomy is subsequently used to classify a set of security risk-oriented patterns and identify their potential occurrences to deploy these security patterns in business processes. The application of the taxonomy is illustrated using a running example.
Keywords :
business data processing; organisational aspects; pattern classification; risk analysis; security of data; business process modelling; business process security; organisational activities; process development; security assessment; security engineering; security risk-oriented pattern classification; three dimensional taxonomy; Analytical models; Availability; Business; Context; Security; Systematics; Taxonomy;
Conference_Titel :
Research Challenges in Information Science (RCIS), 2013 IEEE Seventh International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4673-2912-5
DOI :
10.1109/RCIS.2013.6577700
