Workflow-Management-Systems: Source and Solution of Privacy Problems in Organisations

The introduction of workflow management systems (WMS) in organisations means that a variety of information about employees’ productivity and performance is generated and made available on computer systems that have extensive capabilities for exploiting this personal information. In this chapter we consider the privacy problems concerning personal information that arise from the introduction of WMS. We show that these problems concern information misuse in general and that WMS also provide the means to solve them. Hence, we do not consider IT security in the sense of confidentiality, integrity and availability of WMS, i.e. workflow services and data. Appropriate solutions for these basic security issues are well known and available through traditional means of IT security.
