Abstract
Business process definition and analysis are an important activity for any organisation. As research has demonstrated, well-defined business processes can reduce cost, improve productivity and provide organisations with competitive advantages. In the last few years, the need to ensure the security of business processes has been identified as a major research challenge. Limited security expertise of business process developers together with a clear lack of appropriate methods and techniques to support the security analysis of business processes is important prohibitors to providing answers to that research challenge. This paper introduces the first attempt in the literature to produce a novel pattern-based approach to support the design and analysis of secure business processes. Our work draws on elements from the security requirements engineering area and the security patterns area, combined with business process modelling, and it produces a set of process-level security patterns which are used to implement security in a given business process model. Such an approach advances the existing literature by providing a structured way of operationalising security at the business process level of abstraction. The applicability of the work is illustrated through an application to a real-life information system, and the effectiveness and usability of the work are evaluated via a workshop-based experiment. The evaluation clearly indicates that non-experts are able to comprehend and utilise the developed patterns to construct secure business process designs.
Original language | English |
---|---|
Pages (from-to) | 555–577 |
Journal | Software and Systems Modeling |
Volume | 19 |
DOIs | |
Publication status | Published - 13 Jul 2019 |
Keywords
- Business process modelling
- Business process security
- Security process patterns
- Security requirements engineering
Fingerprint Dive into the research topics of 'Enhancing secure business process design with security process patterns'. Together they form a unique fingerprint.
Profiles
-
Haris Mouratidis
- School of Computing, Engineering & Maths - Prof of Software Systems Engineering
- Centre for Secure, Intelligent and Usable Systems
Person: Academic