INFORMATION SYSTEMS SECURITY BASED ON BUSINESS PROCESS MODELING

Joseph Barjis

2009

Abstract

In this paper, we propose a conceptual model and develop a method for secure business process modeling towards information systems (IS) security. The emphasis of the proposed method is on social characteristics of systems, which is furnished through association of each social actor to their authorities, responsibilities and obligations. In turn, such an approach leads to secure information systems. The resulting modeling approach is a multi-method for developing secure business process models (secure BPM), where the DEMO transaction concept are used for business process modeling, and the Norm Analysis Method (organizational semiotics) for incorporating security safeguards into the model.

References

  1. Backes, M., Pfitzmann, B., & Waidner, M. (2003). Security in Business Process Engineering. In Proceedings of 2003 International Conference on Business Process Management. Lecture Notes in Computer Science vol. 2678, Springer.
  2. Backhouse, J., & Dhillon, G. (1996). Structures of responsibility and security of information systems. European Journal of Information Systems, 5, 2-9.
  3. Barjis, J., & Hall, M. (2007). A Healthcare Center Simulation Using Arena. In the proceedings of MSVVEIS'07”, June 12-13, Funchal, Madeira - Portugal.
  4. Dietz, J.L.G. (2006). Enterprise Ontology -Theory and Methodology. Springer.
  5. Firesmith, D. (2003). Security Use Case. Journal of Object Technology, Vol. 2 (3), pp. 53-64.
  6. Herrmann, P., & Herrmann, G. (2006). Security requirement analysis of business processes. Electronic Commerce Research, Vol. 6 (3-4), pp. 305-335.
  7. Mana, A., Montenegro, J.A., Rudolph, C., & Vivas, J.L. (2003). A business process-driven approach to security engineering. Proceedings of the 14th International Workshop on Database and Expert Systems Applications, pp. 477-481, Prague.
  8. Nagaratnam, N., Nadalin, A., Hondo, M., McIntosh, M., & Austel, P. (2005). Business-driven application security: From modeling to managing secure applications. IBM Systems Journal, Vol. 44, No 4.
  9. Rodríguez, A., Fernández-Medina, E., Piattini, M. (2007). A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE - Transactions on Information and Systems, Volume E90-D, Issue 4, Pages: 745-752.
  10. Stamper, R. K. (1994). Social Norms in Requirement Analysis - an outline of MEASUR. In Jirotka, M., & Gorguen, J. (Eds.) Requirements Engineering: Social and Technical Issues.
Download


Paper Citation


in Harvard Style

Barjis J. (2009). INFORMATION SYSTEMS SECURITY BASED ON BUSINESS PROCESS MODELING . In Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8111-86-9, pages 213-218. DOI: 10.5220/0002006502130218


in Bibtex Style

@conference{iceis09,
author={Joseph Barjis},
title={INFORMATION SYSTEMS SECURITY BASED ON BUSINESS PROCESS MODELING},
booktitle={Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS,},
year={2009},
pages={213-218},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002006502130218},
isbn={978-989-8111-86-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - INFORMATION SYSTEMS SECURITY BASED ON BUSINESS PROCESS MODELING
SN - 978-989-8111-86-9
AU - Barjis J.
PY - 2009
SP - 213
EP - 218
DO - 10.5220/0002006502130218