Objective types for the valuation of secure business processes

Proceedings - 7th IEEE/ACIS International Conference on Computer and Information Science, IEEE/ACIS ICIS 2008, In conjunction with 2nd IEEE/ACIS Int. Workshop on e-Activity, IEEE/ACIS IWEA 2008

Volumn , Issue , 2008, Pages 231-236

  Neubauer, Thomas ^a   Heurix, Johannes ^a  

^a Secure Business Austria   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS PROCESSES; MULTIPLE OBJECTIVES;

ARSENIC COMPOUNDS; COMMUNICATION; COMPUTER NETWORKS; CYBERNETICS; INFORMATION MANAGEMENT; MULTIOBJECTIVE OPTIMIZATION;

DECENTRALIZED CONTROL;

EID: 51349155670     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICIS.2008.64     Document Type: Conference Paper

References (23)

1. W. Alms. Viren, Würmer, kriminelle Mitarbeiter - Deutschland hat Nachholbedarf bei IT-Security. Information Management & Consulting, 17, 2002.
2. M. Bishop. What is computer security? IEEE Sec. Priv. Mag., 1(1):67-69, Jan.-Feb. 2003.
3. A. Ekelhart, S. Fenz. T. Neubauer, and E. Weippl. Formal threat descriptions for enhancing governmental risk assessment. In Proceedings of the First International Conference on Theory and Practice of Electronic Governance. ACM Press. 2007.
4. H. A. Gartner and P. Konrad. Nutzung von Methoden und Instrumenten - Details zur KES Sicherheitsstudie 1994. KES - Zeitschrift für Kommunikations- und EDV Sicherheit, 2, 1995.
5. P. Gruenbacher. Collaborative requirements negotiation with EasyWinWin. In Proceedings 11th International Workshop on Database and Expert Systems Applications DEXA '00, Washington, DC, USA, 2000. IEEE Computer Society.
6. G. Herrmann. Security and integrity requirements of business processes - analysis and approach to support their realisation. In Consortium on Advanced Information Systems Engineering, pages 36-47, 1999.
7. J. Jürjens. Umlsec: Extending UML for secure systems development. In UML 2002. Springer, 2002.
8. C. Kobryn. UML 2001: A standardization Odyssey. Commun. ACM, 42(10):29-37, 1999.
9. J. McDermott and C. Fox. Using abuse case models for security requirements analysis. In Proceedings of the 15th Annual Computer Security Applications Conference, 1999. (ACSAC '99), pages 55-64. 6-10 Dec. 1999.
10. T. Neubauer and J. Heurix. Multiobjective decision support for defining secure business processes. In Proceedings of the Ninth International Conference on Information Integration and Web-based Applications Services. OCG. 2007.
11. T. Neubauer and J. Heurix. Defining secure business processes with respect to multiple objectives. In Proceedings of the Third International Conference on Availability, Reliability and Security ARES. IEEE Computer Society. 2008.
12. T. Neubauer, M. Kiemen, and S. Biffl. Business Process-based Valuation of IT-Security. In Proceedings of the International ACM Conference on Software Engineering, Workshop on economics-driven software engineering research (EDSER'05), 2005.
13. T. Neubauer, M. Kiemen, and S. Biffl. Secure Business Process Management: A Roadmap. In Proceedings of the First International Conference on Availability, Reliability and Security ARES, pages 457-464. IEEE Computer Society. 2006.
14. T. Neubauer and C. Stummer. Extending business process management to determine efficient IT investments. In Proceedings of the. 2007 ACM symposium on Applied Computing, pages 1250-1256, 2007.
15. T. Neubauer and C. Stummer. Interactive decision support for multiobjective cots selection. In Proceedings of the 40th Annual Hawaii International Conference on System Sciences. 2007.
16. T. Neubauer. C. Stummer, and E. Weippl. Workshop-based Multiobjective Security Safeguard Selection. In Proceedings of the First International Conference on Availability, Reliability and Security ARES, pages 366-373. IEEE Computer Society, 2006.
17. C. Pfleeger. The fundamentals of information security. IEEE Software, 14(1): 15-16,60, Jan.-Feb. 1997.
18. A. Rodriguez, E. Fernandez-Medina, and M. Piattini. Security requirements with a UML 2 profile. In Proceedings of the First International Conference on Availability, Reliability and Security, ARES'06, 2006.
19. A. W. Scheer. Architecture of integrated information systems. Springer. 1992.
20. G. Sindre and A. Opdahl. Eliciting security requirements by misuse cases. In Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems, 2000. TOOLS-Pacific 2000., pages 120-131, 20-23 Nov. 2000.
21. K. J. SooHoo. How much is enough? A risk-management approach to computer security. Technical report, Consortium for Research on Information Security and Policy (CRISP), June 2000.
22. S. Thorne. A new Vision for IT Security in the 90s. In. Bauknecht, Kurt; Teufel, Stephanie (Hrsg.): Sicherheit in Informationssystemen; Proceedings der Fachtagung SIS. 1994.
23. M. zur Muehlen and M. Rosemann. Integrating risks in business process models. In Proceedings 16th Australasian Conference on Information Systems. 2005.