Reference Hub

This research has been cited in:

Chapter
A Case Study on the Impact of Forensic-Ready Information Systems on the Security PostureAdvanced Information Systems Engineering10.1007/978-3-031-34560-9_31
Article
Automation of service-based security-aware business processes in the CloudComputing10.1007/s00607-015-0476-3
Conference
Evolution of BPMN Models through e-VOL BPMN19th Brazilian Symposium on Software Quality10.1145/3439961.3439983
Conference
Risk-Oriented Design Approach For Forensic-Ready Software SystemsProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470052
Article
Risk-aware business process management using multi-view modeling: method and toolRequirements Engineering10.1007/s00766-021-00348-2
Chapter
A Valid BPMN Extension for Supporting Security Requirements Based on Cyber Security OntologyModel and Data Engineering10.1007/978-3-030-00856-7_14
Chapter
A Structured Approach to GDPR ComplianceDigital Transformation of Collaboration10.1007/978-3-030-48993-9_16
Article
Business Models for Distributed-Simulation Orchestration and Risk ManagementInformation10.3390/info12020071
Chapter
An Experience Report of Improving Business Process Compliance Using Security Risk-Oriented PatternsThe Practice of Enterprise Modeling10.1007/978-3-319-25897-3_18
Article
Contributions for risk assessment of IoT-aware business processes at different granularity levelsProcedia Computer Science10.1016/j.procs.2021.08.102
Article
Addressing insider attacks via forensic-ready risk managementJournal of Information Security and Applications10.1016/j.jisa.2023.103433
Conference
Scenarios for Process-Aware Insider Attack Detection in ManufacturingProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544449
Chapter
Model Comprehension and Stakeholder Appropriateness of Security Risk-Oriented Modelling LanguagesEnterprise, Business-Process and Information Systems Modeling10.1007/978-3-662-43745-2_23
Chapter
BPMN4FRSS: An BPMN Extension to Support Risk-Based Development of Forensic-Ready Software SystemsEvaluation of Novel Approaches to Software Engineering10.1007/978-3-031-36597-3_2
Chapter
Ontological Support for Process-Oriented Competency ManagementInformation Technology for Management. Ongoing Research and Development10.1007/978-3-319-77721-4_3
Conference
Distributed Simulation For A Modeling And Simulation Tool: Papyrus2019 Spring Simulation Conference (SpringSim)10.23919/SpringSim.2019.8732868
Chapter
Pattern-Based Security Requirements Derivation from Secure Tropos ModelsThe Practice of Enterprise Modeling10.1007/978-3-319-25897-3_5
Chapter
A BPMN Extension for Business Process Outsourcing to the CloudNew Knowledge in Information Systems and Technologies10.1007/978-3-030-16181-1_78
Chapter
Achieving GDPR Compliance of BPMN Process ModelsInformation Systems Engineering in Responsible Information Systems10.1007/978-3-030-21297-1_2
Chapter
Towards Process-Oriented IIoT Security Management: Perspectives and ChallengesEnterprise, Business-Process and Information Systems Modeling10.1007/978-3-031-07475-2_2
Article
Security Requirements Elicitation from Airline Turnaround ProcessesBusiness & Information Systems Engineering10.1007/s12599-018-0518-4
Article
An efficient security data-driven approach for implementing risk assessmentJournal of Information Security and Applications10.1016/j.jisa.2020.102593
Article
riskaBPMN - a BPMN extension for risk assessmentProcedia Computer Science10.1016/j.procs.2021.01.324
Chapter
Hybrid Security Approach for Behavioural Privacy of Business Processes in a Cloud EnvironmentComputational Science and Its Applications – ICCSA 2023 Workshops10.1007/978-3-031-37105-9_19
Conference
Process Meta Model extended for the improvement cycle in a SoS Context2019 4th World Conference on Complex Systems (WCCS)10.1109/ICoCS.2019.8930769
Chapter
Financial Risk Management in e-commerce Using Executable Business Process Modeling NotationDistributed Computing and Internet Technology10.1007/978-3-319-14977-6_19
Article
Security and privacy concerns in cloud-based scientific and business workflows: A systematic reviewFuture Generation Computer Systems10.1016/j.future.2023.05.015
Conference
Insider Threat: Enhancing BPM through Social Media2014 6th International Conference on New Technologies, Mobility and Security (NTMS)10.1109/NTMS.2014.6814027
Chapter
Classification of Domain-Specific BPMN ExtensionsThe Practice of Enterprise Modeling10.1007/978-3-662-45501-2_4
Article
BPRIM: An integrated framework for business process management and risk managementComputers in Industry10.1016/j.compind.2019.103129
Article
Risk management and distributed simulation in Papyrus tool for decision making in industrial contextComputers & Industrial Engineering10.1016/j.cie.2019.106039
Article
BPRIM: An integrated framework for business process management and risk managementComputers in Industry10.1016/j.compind.2020.103199
Article
Automated threat modelling and risk analysis in e-Government using BPMNConnection Science10.1080/09540091.2023.2284645
Article
A Survey of Risk-Aware Business Process ModellingInternational Journal of Risk and Contingency Management10.4018/IJRCM.2017070102
Chapter
A Survey of Risk-Aware Business Process ModellingSustainable Business10.4018/978-1-5225-9615-8.ch045
Article
Towards a BPMN Security Extension for the Visualization of Cyber Security RequirementsInternational Journal of Technology Diffusion10.4018/IJTD.2020040101

An Extension of Business Process Model and Notation for Security Risk Management

Olga Altuhhov, Raimundas Matulevičius, Naved Ahmed

Source Title: International Journal of Information System Modeling and Design (IJISMD)4(4)

ISSN: 1947-8186|EISSN: 1947-8194|EISBN13: 9781466635906|DOI: 10.4018/ijismd.2013100105

Cite Article Cite Article

MLA

Altuhhov, Olga, et al. "An Extension of Business Process Model and Notation for Security Risk Management." IJISMD vol.4, no.4 2013: pp.93-113. http://doi.org/10.4018/ijismd.2013100105

APA

Altuhhov, O., Matulevičius, R., & Ahmed, N. (2013). An Extension of Business Process Model and Notation for Security Risk Management. International Journal of Information System Modeling and Design (IJISMD), 4(4), 93-113. http://doi.org/10.4018/ijismd.2013100105

Chicago

Altuhhov, Olga, Raimundas Matulevičius, and Naved Ahmed. "An Extension of Business Process Model and Notation for Security Risk Management," International Journal of Information System Modeling and Design (IJISMD) 4, no.4: 93-113. http://doi.org/10.4018/ijismd.2013100105

Export Reference

Favorite Full-Issue Download

View Full Text HTML

View Full Text PDF

Abstract

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.

Username or email: *

Password: *

Forgot individual login password?

Create individual account

An Extension of Business Process Model and Notation for Security Risk Management

MLA

APA

Chicago

Export Reference

Abstract

Request Access