Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security

Agnes Åkerlund, Christine Große

Abstract

This article explores the question of how to measure information security. Organisational information security is difficult to evaluate in this complex area because it includes numerous factors. The human factor has been acknowledged as one of the most challenging factors to consider in the field of information security. This study models the application of data envelopment analysis to business processes in order to facilitate the evaluation of information security that includes human factors. In addition to the model, this study demonstrates that data envelopment analysis provides an efficiency measure to assess the information security level of a business process. The novel approach that is proposed in this paper is exemplified with the aid of three fictive processes. The Business Process Model and Notation has been used to map the processes because it facilitates the visualisation of human interactions in processes and the form of the processed information. The combination of data envelopment analysis with process modelling and analyses of process deficiencies and threats to information security enables the evaluation of information security to include human factors in the analyses. Moreover, it provides a measure to benchmark information security in organisational processes.

Download


Paper Citation


in Harvard Style

Åkerlund A. and Große C. (2020). Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security.In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 281-288. DOI: 10.5220/0008875802810288


in Bibtex Style

@conference{icissp20,
author={Agnes Åkerlund and Christine Große},
title={Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={281-288},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008875802810288},
isbn={978-989-758-399-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security
SN - 978-989-758-399-5
AU - Ã…kerlund A.
AU - Große C.
PY - 2020
SP - 281
EP - 288
DO - 10.5220/0008875802810288