S172024 Requirements Design of Risk Management Support System for Process Safety Management Based on Business Process Model

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

Download Full-text

Role of Process Models in Safety Management

Research Papers Faculty of Materials Science and Technology Slovak University of Technology ◽

10.2478/v10186-010-0016-0 ◽

2010 ◽

Vol 18 (28) ◽

pp. 131-139

Author(s):

Miroslav Rusko ◽

Dana Procházková

Keyword(s):

Risk Management ◽

Crisis Management ◽

Professional Practice ◽

Process Model ◽

Safety Management ◽

Daily Practice ◽

Process Models ◽

Management Model ◽

Management Support

Role of Process Models in Safety Management Management is a type of human activity that establishes and ensures the system functions. The process models and project models are currently used for management support. Main aim of the process model is to describe the possible development tendencies as a consequence of certain phenomenon and to define functions and role of functions. The process models enable to compile procedures and scenarios for the situations that have similar features. They are suitable for planning, response and renovation. In this paper, we present the risk management model used at present in professional practice, two simple models from daily practice and the evaluation of process models for crisis management.

Download Full-text

Use Case Driven Development of a Risk Management Tool with Business Process Model for Chemical Plants

Computer Aided Chemical Engineering - 22nd European Symposium on Computer Aided Process Engineering ◽

10.1016/b978-0-444-59520-1.50041-5 ◽

2012 ◽

pp. 912-916

Author(s):

Teiji Kitajima ◽

Tetsuo Fuchino ◽

Yukiyasu Shimada ◽

Ling Yuanjin

Keyword(s):

Risk Management ◽

Business Process ◽

Process Model ◽

Management Tool ◽

Use Case ◽

Chemical Plants ◽

Business Process Model

Download Full-text

An Extension of Business Process Model and Notation for Security Risk Management

International Journal of Information System Modeling and Design ◽

10.4018/ijismd.2013100105 ◽

2013 ◽

Vol 4 (4) ◽

pp. 93-113 ◽

Cited By ~ 21

Author(s):

Olga Altuhhov ◽

Raimundas Matulevičius ◽

Naved Ahmed

Keyword(s):

Risk Management ◽

Business Process ◽

Process Model ◽

Business Processes ◽

Domain Model ◽

Security Requirements ◽

Security Model ◽

Business Process Model ◽

Security Risk ◽

Security Risk Management

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

Download Full-text