A taxonomy for assessing security in business process modelling

The idea of business processes as a key concept to underpin organisational activities are increasingly recognised. Business processes must be able to accommodate security engineering from the early stages rather at the later stages of process development (i.e., design and implementation). This raises a question whether the business processes are performed securely. In this paper, we take a deeper look into the various taxonomies in which the business process models and security have been classified. We find that existing taxonomies do not support security across all the business modelling perspectives. The main contribution of this paper is that we propose a comprehensive three dimensional taxonomy of business process security which identifies the manner to facilitates business processes and security. This taxonomy is subsequently used to classify a set of security risk-oriented patterns and identify their potential occurrences to deploy these security patterns in business processes. The application of the taxonomy is illustrated using a running example.