Abstract
Information security risk management (ISRM) depends heavily on realistic impact values that represent the importance of resources in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that answer the following question are still missing: How can business processes be used to determine the importance of resources in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. This paper therefore presents our novel business process-based resource importance determination method, which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The evaluation we conducted has shown that the results calculated by the developed method are consistent with the results obtained in traditional workshop-based assessments.
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Fenz, S., Ekelhart, A., Neubauer, T. (2009). Business Process-Based Resource Importance Determination. In: Dayal, U., Eder, J., Koehler, J., Reijers, H.A. (eds) Business Process Management. BPM 2009. Lecture Notes in Computer Science, vol 5701. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03848-8_9
DOI: https://doi.org/10.1007/978-3-642-03848-8_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-03847-1
Online ISBN: 978-3-642-03848-8
eBook Packages: Computer Science (R0)