IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations
navleft navright Research IRM Open Access IRMA Journals IRM Books Proceedings Membership

The IRMA Community

Calls for Papers
Online Symposium
Newsletters

Research IRM

Click a keyword to search titles using our InfoSci-OnDemand powered search:

An Extension of Business Process Model and Notation for Security Risk Management

An Extension of Business Process Model and Notation for Security Risk Management
View Sample PDF
Author(s): Olga Altuhhov (University of Tartu, Estonia), Raimundas Matulevičius (University of Tartu, Estonia)and Naved Ahmed (University of Tartu, Estonia)
 Copyright: 2015
 Pages: 23
 Source title: Standards and Standardization: Concepts, Methodologies, Tools, and Applications
Source Author(s)/Editor(s): Information Resources Management Association (USA)
 DOI: 10.4018/978-1-4666-8111-8.ch042

Purchase

View An Extension of Business Process Model and Notation for Security Risk Management on the publisher's website for pricing and purchasing information.

Abstract

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

Related Content

Jeff Mangers, Christof Oberhausen, Meysam Minoufekr, Peter Plapper. © 2020. 26 pages.
Sylvain Maechler, Jean-Christophe Graz. © 2020. 27 pages.
Sabrina Petersohn, Sophie Biesenbender, Christoph Thiedig. © 2020. 41 pages.
Jonas Lundsten, Jesper Mayntz Paasch. © 2020. 21 pages.
Justus Alexander Baron. © 2020. 31 pages.
Vasileios Mavroeidis, Petros E. Maravelakis, Katarzyna Tarnawska. © 2020. 19 pages.
Hiam Serhan, Doudja Saïdi-Kabeche. © 2020. 30 pages.
IRMA Offers Over 2,500 Full Text Open Access Research Papers for Free Download Click to Start Searching Free IRM Research!

IRMA Sponsors

Sponsor IGI Global

Sponsor eContentPro

Encyclopedia of Information Science and Technology, Fourth Edition
Body Bottom
About Us | Contact | Sitemap | Legal | Policies
Copyright ©2024, Information Resources Management Association. 701 East Chocolate Avenue, Hershey, PA 17033.