Business Process Security Analysis – Design Time, Run Time, Audit Time

2013 ◽  
Vol 55 (6) ◽  
Author(s):  
Frank Böhr ◽  
Linh Thao Ly ◽  
Günter Müller

Abstract: This paper reports on approaches and tool support for security and compliance analysis of executable business processes, so-called workflows, employed in the GESINE project. Specifically, focusing on the business layer and the corresponding workflow entities along the business process management lifecycle (i.e., workflow model, instance and event log), the techniques reported on in this paper cover the design time, run time and audit time analysis. Their goal is to verify the adherence to security requirements, such as the four-eyes principle and separation and binding of duties. Altogether, the complementary techniques described in this paper enable a holistic approach to ensure the security of workflows.

Author(s):  
Олена Володимирівна Ареф’єва ◽  
Заріна Миколаївна Побережна

The article defines the intellectualization of enterprise business process management based on the components of holistic approach. The study explores the issues of managing holistic development of complex socioeconomic systems and presents the principles of criteria formalization in holistic management of company business processes. The basic factors and conditions enhancing the company holistic development management efficiency are investigated along with providing insights to the key external and internal drivers in application of the concept of holistic development of business processes. A conclusion about the need to employ the holistic development paradigm as the most promising one is substantiated. The article presents a model of a holistic approach to managing company business processes. The authors offer their original interpretation of the holistic approach as an integrated concept focused on the company potential, in particular its economic capacity, reflecting different stages of company market relationships and utilization of resources. An emphasis is put that the holistic approach toolkit has been applied only to those sectors of the national economy that are characterized by high innovation activity on the one hand and a high degree of consumer interaction, on the other. The study also suggests implications for further research which are associated with identification of methodological components of holistic approach in business process management and their adaptation to modern realia of Ukraine’s economy, as well as the elaboration of practical guidelines to implement the holistic approach in building the company marketing mix. The background for the development of small and medium-sized enterprises has been analyzed together with identifying its future trends in the context of economy stabilization. Regression analysis was carried out for small, medium and large enterprises. 
It is argued that small and medium-sized businesses need specific organizational forms and adequate financial support to operate effectively; it is also important to find optimal patterns of cooperation between SMEs and other sectors of the economy, in particular, with large corporations and the government. In this context, the option of implementation of international best practices should be considered.


2019 ◽  
Vol 25 (6) ◽  
pp. 1273-1290 ◽  
Author(s):  
Christian Janiesch ◽  
Jörn Kuhlenkamp

Purpose: Changes in workflow relevant data of business processes at run-time can hinder their completion or impact their profitability as they have been instantiated under different circumstances. The purpose of this paper is to propose a context engine to enhance a business process management (BPM) system’s context-awareness. The generic architecture provides the flexibility to configure processes during initialization as well as to adapt running instances at decision gates or during execution due to significant context change. Design/methodology/approach: The paper discusses context-awareness as the conceptual background. The technological capabilities of business rules and complex event processing (CEP) are outlined in an architecture design. A reference process is proposed and discussed in an exemplary application. Findings: The results provide an improvement over the current situation of static variable instantiation of business processes with local information. The proposed architecture extends the well-known combination of business rules and BPM systems with a context engine based on CEP. Research limitations/implications: The resulting architecture for a BPM system using a context engine is generic in nature and, hence, requires to be contextualized for situated implementations. Implementation success is dependent on the availability of context information and process compensation options. Practical implications: Practitioners receive advice on a reference architecture and technology choices for implementing systems, which can provide and monitor context information for business processes as well as intervene and adapt the execution. Originality/value: Currently, there is no multi-purpose non-proprietary context engine based on CEP or any other technology available for BPM, which facilitates the adaptation of processes at run-time due to changes in context variables. This paper will stimulate a debate between research and practice on suitable design and technology.


Author(s):  
Kristina Rosenthal ◽  
Benjamin Ternes ◽  
Stefan Strecker

Abstract: Business process simulation marks an essential technique for analyzing business processes and for reasoning about process improvement. With first contributions dating back to the mid-1990s, computerized business process simulation has been a continuing research focus and is widely acknowledged as foundational to Business Process Management research and practice. Reviewing contributions to the field published between 1990 and 2018, the authors assess the state of research on business process simulation and develop an organizing overview of research contributions discussing simulation approaches, tool support, results visualization, use context, application purposes, and adoption barriers. Findings inform future research on business process simulation by discussing paths for behavioral research on the use of business process simulation, user requirements, and adoption barriers as well as complementary paths for design science research addressing limitations of present approaches and simulation tool support.


Author(s):  
Matteo Zavatteri ◽  
Carlo Combi ◽  
Luca Viganò

Abstract: A current research problem in the area of business process management deals with the specification and checking of constraints on resources (e.g., users, agents, autonomous systems, etc.) allowed to be committed for the execution of specific tasks. Indeed, in many real-world situations, role assignments are not enough to assign tasks to the suitable resources. It could be the case that further requirements need to be specified and satisfied. As an example, one would like to avoid that employees that are relatives are assigned to a set of critical tasks in the same process in order to prevent fraud. The formal specification of a business process and its related access control constraints is obtained through a decoration of a classic business process with roles, users, and constraints on their commitment. As a result, such a process specifies a set of tasks that need to be executed by authorized users with respect to some partial order in a way that all authorization constraints are satisfied. Controllability refers in this case to the capability of executing the process satisfying all these constraints, even when some process components, e.g., gateway conditions, can only be observed, but not decided, by the process engine responsible for the execution. In this paper, we propose conditional constraint networks with decisions (CCNDs) as a model to encode business processes that involve access control and conditional branches that may be both controllable and uncontrollable. We define weak, strong, and dynamic controllability of CCNDs as two-player games, classify their computational complexity, and discuss strategy synthesis algorithms. We provide an encoding from the business processes we consider here into CCNDs to exploit off-the-shelf their strategy synthesis algorithms. We introduce Zeta, a tool for checking controllability of CCNDs, synthesizing execution strategies, and executing controllable CCNDs, by also supporting user interactivity. We use Zeta to compare with the previous research, provide a new experimental evaluation for CCNDs, and discuss limitations.


Author(s):  
Ute Riemann

Business processes are not only variable, they are dynamic as well. A key benefit of Business Process Management (BPM) is the ability to adjust business processes accordingly in response to changing market requirements. In parallel to BPM, enterprise cloud computing technology has emerged to provide a more cost effective solution to businesses and services while making use of inexpensive computing solutions, which combines pervasive, internet, and virtualization technologies. Despite the slow start, the business benefits of cloud computing are such that the transition of BPM to the cloud is now underway. Cloud services refer to the operation of a virtualized, automated, and service-oriented IT landscape allowing the flexible provision and usage-based invoicing of resources, services, and applications via a network or the internet. The generic term “X-as-a-Service” summarizes the business models delivering almost everything as a service. BPM in the cloud is often regarded as a SaaS application. More recently, BPM is being regarded as a PaaS as it facilitates the creation and deployment of applications, in this case business process solutions. The PaaS landscape is the least developed of the four cloud based software delivery models previously discussed. PaaS vendors, such as IBM, Oracle, and Microsoft, delivered an application platform with managed cloud infrastructure services; however, more recently the PaaS market has begun to evolve to include other middleware capabilities including process management. BPM PaaS is the delivery of BPM technology as a service via a cloud service provider. For the classification as a PaaS a BPM suite requires the following capabilities: the architecture should be multi-tenant, hosting should be off premise and it should offer elasticity and metering by use capabilities. When we refer to BPM in the cloud, what we are really referring to is a combination of BPM PaaS and BPaaS (Business Process as a Service). Business Process as a Service (BPaaS) is a set of pre-defined business processes that allows the execution of customized business processes in the cloud. BPaaS is a complete pre-integrated BPM platform hosted in the cloud and delivered as a service, for the development and execution of general-purpose business process application. Although such a service harbors an economic potential there are remaining questions: Can an individual and company-specific business process be supported by a standardized cloud solution, or should we protect process creativity and competitive differentiation by allowing the company to design the processes individually and solely support basic data flows and structures? Does it make sense to take a software solution “out of the box” that handles both data and process in a cloud environment, or would this hinder the creativity of business (process) development leading to a lower quality of processes and consequently to a decrease in the competitive positioning of a company? How to manage the inherent compliance and security topic. Within a completely integrated business application system, all required security aspects can be implemented as a safeguarding with just enough money. Within the cloud, however, advanced standards and identity proof are required to monitor and measure information exchange across the federation. Thereby there seems to be no need for developing new protocols, but a standardized way to collect and evaluate the collected information.


2018 ◽  
Vol 30 (1) ◽  
pp. 95-105
Author(s):  
Marco Aurélio de Souza MENDES ◽  
Marcello Peixoto BAX

Abstract: Enterprise information architectures still do not deliver all the value that comes from integrating structured and unstructured information. Enterprise Content Management and Business Process Management were developed as autonomous disciplines. Thus, Enterprise Content Management still occurs without formally considering the business processes that generate and manipulate content, while Business Process Management initiatives arise without a documented treatment of materials produced by the processes. The non-integrated approach to these disciplines collaborates to reduce the potential benefits expected in Organizational Change Management programs. In such context, the article discusses the interrelation between Business Process Management and Enterprise Content Management, approaching from a historical view of these disciplines, their conceptual limits, technological support, and dialogues that would benefit both initiatives. The paper contributes to clarify a question still vague in the field of Information Management, which is how to integrate Business Process Management and Enterprise Content Management treating structured and unstructured information in a unified manner. It discusses how to approach this issue in a broad scope of IM by combining the concepts of Enterprise Content Management and Business Process Management. Based on a literature review, the paper analyzes and synthesizes experiences in Enterprise Content Management and Business Process Management acquired in the context of a project carried out in a Power Sector Company. The article reveals problems in separating approaches to Enterprise Content Management and Business Process Management. It shows the importance of an effort for integration and presents three instruments that promote the linkage of the two initiatives, approximating process offices and analysts’ information.


2019 ◽  
Vol 25 (6) ◽  
pp. 1291-1316 ◽  
Author(s):  
Sarah Zelt ◽  
Jan Recker ◽  
Theresa Schmiedel ◽  
Jan vom Brocke

Purpose: Many researchers and practitioners suggest a contingent instead of a “one size fits all” approach in business process management (BPM). The purpose of this paper is to offer a contingency theory of BPM, which proposes contingency factors relevant to the successful management of business processes and that explains how and why these contingencies impact the relationships between process management and performance. Design/methodology/approach: The authors develop the theory by drawing on organizational information processing theory (OIPT) and applying an information processing (IP) perspective to the process level. Findings: The premise of the model is that the process management mechanisms such as documentation, standardization or monitoring must compensate for the uncertainty and equivocality of the nature of the process that has to be managed. In turn, managing through successful adaptation is a prerequisite for process performance. Research limitations/implications: The theory provides a set of testable propositions that specify the relationship between process management mechanisms and process performance. The authors also discuss implications of the new theory for further theorizing and outline empirical research strategies that can be followed to enact, evaluate and extend the theory. Practical implications: The theory developed in this paper allows an alternative way to describe organizational processes and supports the derivation of context-sensitive management approaches for process documentation, standardization, monitoring, execution and coordination. Originality/value: The theoretical model is novel in that it provides a contextualized view on BPM that acknowledges different types of processes and suggests different mechanisms for managing these. The authors hope the paper serves as inspiration both for further theory development as well as to empirical studies that test, refute, support or otherwise augment the arguments.


2019 ◽  
Vol 26 (1) ◽  
pp. 191-211
Author(s):  
Patricia Bazan ◽  
Elsa Estevez

Purpose: The purpose of this paper is to assess the state of the art of social business process management (Social BPM), explaining applied approaches, existing tools and challenges and to propose a research agenda for encouraging further development of the area. Design/methodology/approach: The methodology comprises a qualitative analysis using secondary data. The approach relies on searches of scientific papers conducted in well-known databases, identifying research work related to Social BPM solutions and those contributing with social characteristics to BPM. Based on the identified papers, the authors selected the most relevant and the latest publications, and categorized their contributions and findings based on open and selective coding. In total, the analysis is based on 51 papers that were selected and analyzed in depth. Findings: Main results show that there are several studies investigating modeling approaches for socializing process activities and for capturing implicit knowledge possessed and used by process actors, enabling to add some kind of flexibility to business processes. However, despite the proven interest in the area, there are not yet adequate tools providing effective solutions for Social BPM. Based on our findings, the authors propose a research agenda comprising three main lines: contributions of social software (SS) to Social BPM, Social BPM as a mechanism for adding flexibility to and for discovering new business processes and Social BPM for enhancing business processes with the use of new technologies. The authors also identify relevant problems for each line. Practical implications: Some SS tools, like wikis, enable managing social aspects in executing business processes and can be used to coordinate simple business processes. Although they are commonly used, they are not yet mature tools supporting Social BPM and more efficient tools are yet to appear. The lack of tools precludes organizations from benefitting from implicit knowledge owned by and shared among business process actors, which could contribute to better-informed decisions related to organizational processes. In addition, more research is needed for considering Social BPM as an approach for organizations to benefit from the adoption of new technologies in their business processes. Originality/value: The paper assesses the state of the art in Social BPM, an incipient area in research and practice. The area can be defined as the intersection of two bigger areas highly relevant for organizations; on the one hand, the management and execution of business processes; and on the other hand, the use of social software, including social media tools, for leveraging on implicit knowledge shared by business process actors to improving efficiency of business processes.

