Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns

2013 ◽  
Vol 55 (6) ◽  
Author(s):  
Raimundas Matulevičius ◽  
Naved Ahmed
Keyword(s):  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
System Development ◽  
Security Requirements ◽  
Business Process Model ◽  
Security Risk ◽  
Step Method ◽  
Requirements Definition ◽  
Development Stages

AbstractAlthough importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a two-step method for (i) pattern occurrence discovery in, and (ii) for security requirements definition from the business process model. We hope that our proposal could help elicit security requirements at the early system development stages, however, we still need to validate it empirically.

An Extension of Business Process Model and Notation for Security Risk Management

2013 ◽  
Vol 4 (4) ◽  
pp. 93-113 ◽  
Author(s):  
Olga Altuhhov ◽  
Raimundas Matulevičius ◽  
Naved Ahmed
Keyword(s):  
Risk Management ◽  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
Domain Model ◽  
Security Requirements ◽  
Security Model ◽  
Business Process Model ◽  
Security Risk ◽  
Security Risk Management

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

An Extension of Business Process Model and Notation for Security Risk Management

2015 ◽  
pp. 897-919
Author(s):  
Olga Altuhhov ◽  
Raimundas Matulevičius ◽  
Naved Ahmed
Keyword(s):  
Risk Management ◽  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
Domain Model ◽  
Security Model ◽  
Business Process Model ◽  
Security Risk ◽  
Secure Information ◽  
Security Risk Management

Business process modelling is one of the major aspects in the modern information system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Typically the BPMN notations are used to understand enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of the business processes. This is a problem, since both business processes and security should be understood in parallel to support a development of the secure information systems. In the previous work we have analysed BPMN with respect to the domain model of the IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose the BPMN extensions for security risk management based on the BPMN alignment to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment on few running examples related to the Internet store regarding the asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model).

scholarly journals Pengujian Unit Plugin Pemberian Anotasi Efek Secara Semantik pada Proses Bisnis BPMN

2021 ◽  
Vol 6 (3) ◽  
pp. 170
Author(s):  
Hilman Nuril Hadi
Keyword(s):  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
Process Models ◽  
Unit Testing ◽  
Business Process Model ◽  
Testing Technique ◽  
Modeling Tools ◽  
Path Testing ◽  
Future Business

Business process model was created to make it easier for business process stakeholders to communicate and discuss the structure of the process more effectively and efficiently. Business process models can also be business artifacts and media that can be analyzed further to improve and maintain organizational competitiveness. To analyze business processes in a structured manner, the effect/results of the execution of business processes will be one of the important information. The effect/result of the execution of certain activities or a business process as a whole are useful for managing business processes, including for improvements related to future business processes. This effect annotation approach needs to be supported by business process modeling tools to assist business analysts in managing business processes properly. In previous research, the author has developed a plugin that supports business analysts to describe the effects semantically attached to activities in the Business Process Model and Notation (BPMN) business process model. In this paper, the author describes the unit testing process and its results on the plugin of semantic effect annotation that have been developed. Unit testing was carried out using the basic path testing technique and has obtained three test paths. The results of unit test for plugin are also described in this paper.

scholarly journals Collaborative method to maintain business process models updated

2014 ◽  
Vol 11 (2) ◽  
pp. 461-480 ◽  
Author(s):  
Nuno Castela ◽  
Paulo Dias ◽  
Marielba Zacarias ◽  
José Tribolet
Keyword(s):  
Case Studies ◽  
Business Process ◽  
Process Model ◽  
Business Processes ◽  
Process Models ◽  
Organizational Environment ◽  
Business Process Model ◽  
Business Process Models ◽  
Definition Of ◽  
Over Time

Business process models are often forgotten after their creation and its representation is not usually updated. This appears to be negative as processes evolve over time. This paper discusses the issue of business process models maintenance through the definition of a collaborative method that creates interaction contexts enabling business actors to discuss about business processes, sharing business knowledge. The collaboration method extends the discussion about existing process representations to all stakeholders promoting their update. This collaborative method contributes to improve business process models, allowing updates based in change proposals and discussions, using a groupware tool that was developed. Four case studies were developed in real organizational environment. We came to the conclusion that the defined method and the developed tool can help organizations to maintain a business process model updated based on the inputs and consequent discussions taken by the organizational actors who participate in the processes.

scholarly journals A Business Process Model for IT Management Based on Enterprise Architecture

2014 ◽  
Vol 17 (2) ◽  
Author(s):  
Jonas Montilva ◽  
Judith Barrios ◽  
Isabel Besembel ◽  
William Montilva
Keyword(s):  
Business Process ◽  
Process Model ◽  
Information Technologies ◽  
Enterprise Architecture ◽  
Business Processes ◽  
It Management ◽  
Business Process Model ◽  
Business Alignment ◽  
Management Processes ◽  
Key Factor

The successful application of Information Technologies (IT) in an organization depends on the business processes used for managing such technologies. It is widely recognized that the use of the Enterprise Architecture (EA) practice for organizing these technologies into a framework is a key factor for achieving a better IT - business alignment. This article presents a business process model for the IT Management that can be used in medium and large organizations as a framework for modelling and analysing their IT management processes. The main difference between the described model and others found in the literature is that our model places EA concept at the centre of the organization of IT Management activities. It provides a better definition, organization and comprehension of the essential and support IT management activities. The described model is being used in several organizations as a referential framework to improve their current IT Management processes.

scholarly journals Análisis de BPMN como herramienta integral para el Modelado de Procesos de Negocio [Analysis of BPMN as Integral Tool for Business Process Modeling]

2014 ◽  
Author(s):  
Juan Federico Gómez Estupiñán
Keyword(s):  
Business Process ◽  
Process Model ◽  
Business Process Management ◽  
Process Management ◽  
Business Processes ◽  
Necessary Condition ◽  
Business Process Model ◽  
Advantages And Disadvantages ◽  
El Sistema ◽  
Acquisition Management

Resumen El objetivo del artículo es caracterizar el estándar Business Process Model and Notation BPMN, como herramienta gráfica para el modelado de los procesos de negocio de una organización, y realizar un análisis crítico de las posibilidades que ofrece, identificando sus ventajas y desventajas para representar adecuadamente aspectos como actores, actividades, eventos, flujos de trabajo, controles y recursos entre otros. Para verificar la funcionalidad que ofrece BPMN, se usó como caso de estudio ‘Alquiler de Vehículos’, que incluye los procesos básicos de compra, gestión, alquiler y venta de vehículo. Se encontró que la versión BPMN 2.0, incluye un conjunto de prestaciones adicionales que permiten modelar en forma completa y precisa los procesos de negocio, condición necesaria para que a partir de estos modelos se pueda implementar correctamente el sistema de gestión de procesos de negocio, utilizando una herramienta válida para tal fin. Se concluye que BPMN es una herramienta sencilla, fácil de comprender, pero con una gran potencialidad para el modelado de procesos de cualquier tipo de organización. Palabras Clave: Business Process Management BPM, Business Process Model and Notation BPMN, Alquiler de Vehículos, Business Process Management Suite BPMS.   Abstract The aim of this paper is to describe the standard Business Process Model and Notation BPMN, graphic tool for modeling business processes of an organization, and critical analysis of the possibilities, identifying advantages and disadvantages to adequately represent aspects as actors, activities, events, workflows, controls and resources among others. To verify the functionality offered BPMN, is used as a case study ‘Rent a Car’, which includes the basic processes of acquisition, management, leasing and sale of vehicle. We found that this standard, particularly BPMN version 2.0, includes a set of additional features that allow you to model a complete and accurate business processes, necessary condition for that since these models are able to successfully implement the business process management system, using a valid tool for this purpose. We conclude that BPMN is a simple tool, easy to understand, but with a great potential for modeling processes of any type of organization. Keywords: Business Process Management BPM, Business Process Model and Notation BPMN, Rent a Car, Business Process Management Suite BPMS.

On the Rim Between Business Processes and Software Systems

2019 ◽  
pp. 170-196 ◽  
Author(s):  
Maria Estrela Ferreira da Cruz ◽  
Ricardo J. Machado ◽  
Maribel Yasmina Santos
Keyword(s):  
Software Development ◽  
Business Process ◽  
Process Model ◽  
Process Management ◽  
Business Processes ◽  
Process Models ◽  
Software Systems ◽  
Business Process Model ◽  
Constant Change ◽  
Development Processes

The constant change and rising complexity of organizations, mainly due to the transforming nature of their business processes, has driven the increase of interest in business process management by organizations. It is recognized that knowing business processes can help to ensure that the software under development will meet the business needs. Some of software development processes (like unified process) already refer to business process modeling as a first effort in the software development process. A business process model usually is created under the supervision, clarification, approval, and validation of the business stakeholders. Thus, a business process model is a proper representation of the reality (as is or to be), having lots of useful information that can be used in the development of the software system that will support the business. The chapter uses the information existing in business process models to derive software models specially focused in generating a data model.

Goal Model to Business Process Model: A Methodology for Enterprise Government Tourism System Development

2016 ◽  
Vol 6 (6) ◽  
pp. 3031 ◽  
Author(s):  
Ahmad Nurul Fajar ◽  
Imam Marzuki Shofi
Keyword(s):  
Business Process ◽  
Process Model ◽  
System Development ◽  
Use Case ◽  
Business Process Model ◽  
Goal Model ◽  
Activity Diagram ◽  
Analysis Phase ◽  
The Government ◽  
Use Case Diagram

<p>The critcal factor in successfully in system development is the requirement phase. The requirement should meets with its purpose. In order to achieve it, the methodology for requrement analysis is needed. Nowdays, the complexity of e-governemnt applications is grown significantly in the government environment. E-government applications should be developed based on regulations in order to achieve the goal model of government entitties. However, the goal model could not used directly to make business process model. In order to solve this problem,this paper presents and proposed a Methodology to extract goal model into business process model that called GBPM Methodology. It can support the requirement analysis phase, especially in enterprise government tourism system. This methodology consists of two methods, there are (1) Method for convert goal model to business use case diagram, (2) Method for convert business use case diagram to activity diagram. We do the experiment in e-government applications domain. This methodology suitable with enterprise government tourism system development.</p>

scholarly journals Reasoning on the usage control security policies over data artifact business process models

2021 ◽  
pp. 61-61
Author(s):  
Montserrat Estañol ◽  
Ángel Varela-Vaca ◽  
María Gómez-López ◽  
Ernest Teniente ◽  
Rafael Gasca
Keyword(s):  
Business Process ◽  
Data Model ◽  
Process Model ◽  
Model Verification ◽  
Process Models ◽  
Security Requirements ◽  
Security Policies ◽  
Complex Data ◽  
Business Process Model ◽  
Business Process Models

The inclusion of security aspects in organizations is a crucial aspect to ensure compliance with both internal and external regulations. Business process models are a well-known mechanism to describe and automate the activities of the organizations, which should include security policies to ensure the correct performance of the daily activities. Frequently, these security policies involve complex data which cannot be represented using the standard Business Process Model Notation (BPMN). In this paper, we propose the enrichment of the BPMN with a UML class diagram to describe the data model, that is also combined with security policies defined using the UCONABC framework annotated within the business process model. The integration of the business process model, the data model, and the security policies provides a context where more complex reasoning can be applied about the satisfiability of the security policies in accordance with the business process and data models. To do so, we transform the original models, including security policies, into the BAUML framework (an artifact-centric approach to business process modelling). Once this is done, it is possible to ensure that there are no inherent errors in the model (verification) and that it fulfils the business requirements (validation), thus ensuring that the business process and the security policies are compatible and that they are aligned with the business security requirements.

Sign in / Sign up

Export Citation Format

Share Document