Securing business processes using security risk-oriented patterns
详细信息 查看全文
- 作者:Naved Ahmed ; Raimundas Matulevi膷ius
- 关键词:Security engineering ; Business process modelling ; Security risk-oriented patterns ; Security requirements
- 刊名:Computer Standards and Interfaces
- 出版年:June, 2014
- 年:2014
- 卷:36
- 期:4
- 页码:723-733
- 全文大小:1894 K
文摘
Business process modelling and security engineering are two important concerns when developing information system. However current practices report that security is addressed at the later development stages (i.e. design and implementation). This raises a question whether the business processes are performed securely. In this paper, we propose a method to introduce security requirements to the business processes through the collaboration between business and security analysts. To support this collaboration we present a set of security risk-oriented patterns. We test our proposal in two industrial business models. The case findings characterise pattern performance when identifying business assets, risks, and countermeasures.