IDEAS home Printed from https://ideas.repec.org/a/igg/jismd0/v4y2013i4p93-113.html
   My bibliography  Save this article

An Extension of Business Process Model and Notation for Security Risk Management

Author

Listed:
  • Olga Altuhhov

    (Institute of Computer Science, University of Tartu, Tartu, Estonia)

  • Raimundas Matulevičius

    (Institute of Computer Science, University of Tartu, Tartu, Estonia)

  • Naved Ahmed

    (Institute of Computer Science, University of Tartu, Tartu, Estonia)

Abstract

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

Suggested Citation

  • Olga Altuhhov & Raimundas Matulevičius & Naved Ahmed, 2013. "An Extension of Business Process Model and Notation for Security Risk Management," International Journal of Information System Modeling and Design (IJISMD), IGI Global, vol. 4(4), pages 93-113, October.
    • Handle: RePEc:igg:jismd0:v:4:y:2013:i:4:p:93-113
    as

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/ijismd.2013100105
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Rafika Thabet & Dominik Bork & Amine Boufaied & Elyes Lamine & Ouajdi Korbaa & Hervé Pingaud, 2021. "Risk-aware business process management using multi-view modeling: method and tool," Post-Print hal-03202277, HAL.
    2. Raimundas Matulevičius & Alex Norta & Silver Samarütel, 2018. "Security Requirements Elicitation from Airline Turnaround Processes," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 60(1), pages 3-20, February.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:igg:jismd0:v:4:y:2013:i:4:p:93-113. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Journal Editor (email available below). General contact details of provider: https://www.igi-global.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.