Towards a Security Engineering Process Model for Electronic Business Processes

Business process management (BPM) and its accompanying systems aim to enable enterprises to become adaptive. Although enterprises depend on secure business processes, BPM languages and techniques provide little support for security. Several complementary approaches have been proposed for security in the domain of BPM. Nevertheless, support for a systematic procedure for developing secure electronic business processes is still missing. In this paper, we pinpoint the need for a security engineering process model in the domain of BPM and identify key requirements for such a process model.
