论文信息 - A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management

A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management

In the past years, regulative bodies have obliged a more stringent consideration of risk and security management. This development forced companies to apply risk, security and business process management in a more integrated way. Simultaneously, it can be observed that the scientific community intensified research activities in this integrative domain. Within this survey paper we examine scientific research efforts in the field of security and risk related business process/workflow management. Therefore we survey nine representative approaches and identify research challenges in this area.

Gerald Quirchmayr | Stefan Jakoubi | Gernot Goluch | Simon Tjoa

[1] Miroslaw Malek,et al. Modeling Business Process Availability , 2008, 2008 IEEE Congress on Services - Part I.

[2] Gerald Quirchmayr,et al. Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation , 2008, ECIS.

[3] Gerald Quirchmayr,et al. Enhancing Business Impact Analysis and Risk Assessment Applying a Risk-Aware Business Process Modeling and Simulation Methodology , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[4] Mario Piattini,et al. A BPMN Extension for the Modeling of Security Requirements in Business Processes , 2007, IEICE Trans. Inf. Syst..

[5] Lutz Lowis,et al. A Risk Based Approach for Selecting Services in Business Process Execution , 2009, Wirtschaftsinformatik.

[6] Stefan Biffl,et al. Business Process-based Valuation of IT-Security , 2005 .

[7] Mario Piattini,et al. Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes , 2006, TrustBus.

[8] Wil M. P. van der Aalst,et al. Process Mining and Security: Detecting Anomalous Process Executions and Checking Process Conformance , 2005, WISP@ICATPN.

[9] Stefan Sackmann,et al. A Reference Model for Process-Oriented IT Risk Management , 2008, ECIS.