An Extension of Business Process Model and Notation for Security Risk Management

Olga Altuhhov, Raimundas Matulevičius and Naved Ahmed
Additional contact information
Olga Altuhhov: Institute of Computer Science, University of Tartu, Tartu, Estonia
Raimundas Matulevičius: Institute of Computer Science, University of Tartu, Tartu, Estonia
Naved Ahmed: Institute of Computer Science, University of Tartu, Tartu, Estonia

International Journal of Information System Modeling and Design (IJISMD), 2013, vol. 4, issue 4, 93-113

Abstract: Business process modelling is one of the major aspects of modern information system development. Recently, Business Process Model and Notation (BPMN) has become a standard technique to support this activity. Typically, BPMN is used to understand an enterprise's business processes. However, limited work exists on how security concerns are addressed during the management of business processes. This is a problem, since business processes and security should be understood in parallel to support the development of secure information systems. In previous work we analysed BPMN with respect to the domain model of IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose BPMN extensions for security risk management based on the alignment of BPMN to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment using a few running examples related to an Internet store, covering asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility of business and security model interoperability and of model transformation between several modelling approaches (if these are both aligned to the ISSRM domain model).

Date: 2013
Citations: View citations in EconPapers (2)

Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 18/ijismd.2013100105 (application/pdf)

Persistent link: https://EconPapers.repec.org/RePEc:igg:jismd0:v:4:y:2013:i:4:p:93-113

International Journal of Information System Modeling and Design (IJISMD) is currently edited by Thierry O. C. Edoh

More articles in International Journal of Information System Modeling and Design (IJISMD) from IGI Global
 
Page updated 2025-03-19
Handle: RePEc:igg:jismd0:v:4:y:2013:i:4:p:93-113