TY - GEN
T1 - Supporting secure business process design via security process patterns
AU - Argyropoulos, Nikolaos
AU - Mouratidis, Haralambos
AU - Fish, Andrew
PY - 2017/5/1
Y1 - 2017/5/1
N2 - Security is an important non-functional characteristic of the business processes used by organisations for the coordination of their activities. Nevertheless, the implementation of security at the operational level can be challenging due to the limited security expertise of process designers and the delayed consideration of security during process development. To overcome such issues, expert knowledge and proven security solutions can be captured in the form of process patterns, which can easily be reused and integrated to business processes with minimal security-related knowledge required. In this work we introduce process-level security patterns, each of which contains the main activities required for the operationalisation of different security requirements. The introduced patterns are then used as a component of an existing framework for the creation of secure business process designs, the application of which, is illustrated through a working example. A preliminary evaluation of the proposed patterns is conducted via a workshop session.
AB - Security is an important non-functional characteristic of the business processes used by organisations for the coordination of their activities. Nevertheless, the implementation of security at the operational level can be challenging due to the limited security expertise of process designers and the delayed consideration of security during process development. To overcome such issues, expert knowledge and proven security solutions can be captured in the form of process patterns, which can easily be reused and integrated to business processes with minimal security-related knowledge required. In this work we introduce process-level security patterns, each of which contains the main activities required for the operationalisation of different security requirements. The introduced patterns are then used as a component of an existing framework for the creation of secure business process designs, the application of which, is illustrated through a working example. A preliminary evaluation of the proposed patterns is conducted via a workshop session.
KW - Business process modelling
KW - Business process security
KW - requirements
KW - Security
KW - Security process patterns
UR - http://www.scopus.com/inward/record.url?scp=85021244878&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-59466-8_2
DO - 10.1007/978-3-319-59466-8_2
M3 - Conference contribution with ISSN or ISBN
AN - SCOPUS:85021244878
SN - 9783319594651
T3 - Lecture Notes in Business Information Processing
SP - 9
EP - 13
BT - Enterprise, Business-Process and Information Systems Modeling - 18th International Conference, BPMDS 2017, 22nd International Conference, EMMSAD 2017 Held at CAiSE 2017, Proceedings
PB - Springer-Verlag
T2 - 18th International Conference on Business Process Modeling, Development and Support, BPMDS 2017 and 22nd International Conference on Evaluation and Modeling Methods for Systems Analysis and Development, EMMSAD 2017 held at Conference on Advanced Information Systems Engineering, CAiSE 2017
Y2 - 12 June 2017 through 13 June 2017
ER -
