The use of business process modelling in information systems security analysis and design

Information Management and Computer Security

Volumn 8, Issue 2-3, 2000, Pages 107-116

  Kokolakis, S A ^a   Demopoulos, A J ^a   Kiountouzis, E A ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

Business process analysis; Computer security; Information systems; Modelling; Risk

Indexed keywords

INDUSTRY; INFORMATION MANAGEMENT; INFORMATION TECHNOLOGY; RISK ASSESSMENT; SOCIETIES AND INSTITUTIONS;

BUSINESS PROCESS ANALYSIS; BUSINESS PROCESS MODELLING; INFORMATION SYSTEMS; RISK ANALYSIS;

SECURITY OF DATA;

EID: 0242329011     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220010339192     Document Type: Review

References (30)

1. Appleton, D. (1995), "Business reengineering with business rules", in Grover, V. and Kettinger, W. (Eds), Business Process Change: Concepts, Methods and Technologies, IDEA Group Publishing, London, pp. 291-329.
2. Auramaki, E., Hirschheim, R. and Lyytinen, K. (1992), "Modelling offices through discourse analysis: the SAMPO approach", The Computer Journal. Vol. 35 No. 4, pp. 342-52.
3. Backhouse, J. and Dhillon, G. (1996), "Structures of responsibility and security of information systems", European Journal of Information Systems, Vol. 5 No. 1, pp. 2-9.
4. Badenhorst, K.P. and Eloff, J.H.P. (1989), "Framework of a methodology for the life cycle of computer security in an organization", Computers & Security, Vol. 8, pp. 433-42.
5. Bangenmann Committee (1994), Europe and the Global Information Society: Report of the High Level Group on the Information Society (Bangenmann Report), European Commission, Brussels.
6. Baskerville, R. (1991), "Risk analysis: an interpretive feasibility tool in justifying information systems security", European Journal of Information Systems, Vol. 1 No. 2, pp. 121-30.
7. CEC (1994), Europe's Way to the Information Society: An Action Plan, CEC/COM(94)347, Brussels.
8. Checkland, P. (1981), Systems Thinking, Systems Practice, Wiley, Chichester.
9. Chen, P.P. (1976), "The entity-relationship model: towards a unified view of data", ACM Transactions on Database Systems, Vol. 1 No. 1, pp. 9-35.
10. Curtis, B., Kellner, M.I. and Over, J. (1992), "Process modeling", Communications of the ACM, Vol. 35 No. 9, pp. 75-90.
11. Dobson, J. (1991), "A methodology for analysing human and computer-related issues in secure systems", in Dittrich, K., Rautakivi, S. and Saari, J. (Eds), Computer Security and Information Integrity, Elsevier Science Publ., North-Holland.
12. Dorsey, P. and Koletzke, P. (1997), ORACLE Designer/2000 Handbook: A Comprehensive System Development Method Using Oracle's Design Tools, Oracle Press, Osborn McGraw-Hill.
13. European Commission (1993a), Glossary of Information Systems Security, European Commission, DGXIII, contract S2001, Brussels, Luxembourg.
14. European Commission (1993b), Risk Analysis Methods Database, European Commission, DGXIII, INFOSEC Project S2014/WP08, Brussels, Luxembourg.
15. Forrester, J. W. (1961), Industrial Dynamics, MIT Press, Cambridge MA.
16. Glykas, M. (1994), "Agent relationship analysis in organisational transformation: the ARMA methodology for systematic business process redesign", PhD thesis, Engineering Department, Cambridge University, Cambridge.
17. Hinde, S. (1998), "Recent security surveys", Computers & Security, Vol. 17, pp. 207-10.
18. Hitchings, J. (1995), "Achieving an integrated design: the way forward for information security", in Ellof, J. and von Solms, S. (Eds), Information Security - the Next Decade, IFIP SEC'95, Chapman & Hall, London.
19. Holbein, R., Teufel, S. and Bauknecht, K. (1996), "The use of business process models for security design in organizations", in Katsikas, S. and Gritzalis, D. (Eds), Information Systems Security: Facing the Information Society of the 21st Century, IFIP SEC'96, Chapman & Hall, London.
20. Huckvale, T. and Ould, M. (1995), "Process modelling - who, what and how - role activity diagramming", in Grover, V. and Kettinger, W. (Eds), Business Process Change: Concepts, Methods and Technologies. IDEA Group Publishing, London, pp. 330-49.
21. ISO/IEC/JTC1 (1996/1997), Information Technology - Security Techniques - Guidelines for the Management of IT security, ISO/IEC TR 13335.
22. Kettinger, W.J., Teng, J.T.C. and Guha, S. (1997), "Business process change: a study of methodologies, techniques, and tools", MIS Quarterly, Vol. 21 No. 1.
23. Lindup, K. (1996), "The role of information security in corporate governance", Computers & Security, Vol. 15, pp. 477-85.
24. Martin, M. and Dobson, J. (1991), "Enterprise modelling and security policies", in Jajodia, S. and Landwehr, C.E. (Eds), Database Security IV: Status and Prospects, Elsevier Science Publ., North-Holland.
25. Mayer, R., Benjamin, P., Caraway, B. and Painter, M. (1995), "A framework and a suite of methods for business process reengineering", in Grover, V. and Kettinger, W. (Eds). Business Process Change: Concepts. Methods and Technologies, IDEA Group Publishing, London, pp. 245-90.
26. Rummler, G.A. and Brache, A.P. (1990), Improving Performance: How to Manage the White Space on the Organisational Chart, Jossey-Bass, San Francisco, CA.
27. Scherr, A.L. (1993), "A new approach to business processes", IBM Systems Journal, Vol. 32 No. 1, pp. 80-98.
28. Searle, J.R. (1969), Speech Acts: An Essay in the Philosophy of Language, Cambridge University Press.
29. Singh, B. and Rein, G. (1992), "Role interaction nets (RINSs): a process definition formalism", MCC Technical Report No CT-083-092.
30. Wolstenholme, E.F., Henderson, S. and Gavine, A. (1993), The Evaluation of Management Information Systems, A Dynamic Approach, Wiley, Chichester.