Integration of an ontological information security concept in risk-aware business process management

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2008, Pages

  Goluch, Gernot ^a   Ekelhart, Andreas ^a   Fenz, Stefan ^a   Jakoubi, Stefan ^a   Tjoa, Simon ^a   Mück, Thomas ^b  

^a Secure Business Austria   (Austria)

^b Austrian Social Insurance Authority for Business   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER NETWORKS; ENTERPRISE RESOURCE MANAGEMENT; INFORMATION SERVICES; INTEGRATION; KNOWLEDGE BASED SYSTEMS; MANAGEMENT; ONTOLOGY; OPTIMIZATION; RISK ANALYSIS; RISK MANAGEMENT; ROPE;

BUSINESS PROCESS MANAGEMENT;

PROCESS ENGINEERING;

EID: 51449100841     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2008.211     Document Type: Conference Paper

References (32)

1. Bank Of Japan, "Business Continuity Planning at the Bank of Japan," September 2003.
2. _, "Business Continuity Planning at Financial Institutions," July 2003.
3. D. A. Alberts, C.J., "OCTAVE Method Implementation Guideline Version 2.0 - Volume 1: Introduction," 2001.
4. CERT, "OCTAVE," 2005. [Online]. Available: http://www.cert.org/ octave
5. L. F. BCI, NaCTSO, "Expecting the unexpected - Business continuity in an uncertain world," 2003.
6. D. Karagiannis, S. Junginger, and R. Strobl, Business Process Modelling. Springer, Berlin, 1996, ch. Introduction to Business Process Management Systems Concepts, pp. 81-106.
7. BOC, "The BPMS Paradigm," 1996-2004. [Online]. Available: http://www.boc-eu.com/bochp.jsp?file=WP 582571cc1ed802de.b05236.f598e2482c
8. A. W. Scheer, G. Keller, and M. Nüttgens, "Semantische Prozeßmodellierung auf der Grundlage Ereignisgesteuerter Prozeßketten (EPK)," Veröffentlichungen des Instituts für Wirtschaftsinformatik, Heft 89, Saarbrücken, 1992. [Online]. Available: http://www.iwi.uni-sb.de/nuettgens/Veroef/Artikel/heft089/heft089.pdf
9. Business Continuity Institute, "Good Practice Guidelines," http://www.thebci.org/gpgdownloadpage.htm, July 2007. [Online]. Available: http://www.thebci.org
10. BSI, "IT-Grundschutz Manual (english version)," 2004. [Online]. Available: http://www.bsi.de/english/gshb/manual/download/index.html
11. International Organization for Standardization and International Electrotechnical Commission, "ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management," http://www.iso.org/, 2006.
12. British Standards Institute, "Bs 25999," http://www.bsonline. bsiglobal.com/server/index.jsp, 2006.
13. International Organization for Standardization and International Electrotechnical Commission, "ISO/IEC 13335-2:1997 Techniques for information and communications technology security risk management," http://www.iso.org/, 1997.
14. S. Jakoubi, S. Tjoa, and G. Quirchmayr, "ROPE: A Methodology for Enabling the Risk-Aware Modelling and Simulation of Business Processes," in ECIS, 15th European Conference on Information Systems, 2007.
15. S. Jakoubi, "A Methodology for the Visualisation of Risks in Business Processes as an Enabler for a Holistic Documentation and Risk Evaluation by means of Simulation for Software Projects (in German)," Master's thesis, University of Vienna, 2006.
16. S. Tjoa, "A Methodology for the Enhancement of Business Process Modelling by means of Process-oriented Modelling, Evaluation, and Simulation of IT-Infrastructure (in German)," Master's thesis, University of Vienna, 2006.
17. G. Stoneburner, A. Goguen, and A. Feringa, "Risk Management Guide for Information Technology Systems," NIST(National Institute of Standards and Technology), Tech. Rep., July 2002, special Publication 800-30. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
18. A. Ekelhart, S. Fenz, M. Klemen, and E. Weippl, "Security Ontologies: Improving Quantitative Risk Analysis," in Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS 2007), Jan 2007.
19. _, "Security Ontology: Simulating Threats to Corporate Assets," in Information Systems Security, ser. Lecture Notes in Computer Science, A. Bagchi and V. Atluri, Eds., vol. 4332. Springer, Dec 2006, pp. 249-259.
20. PricewaterhouseCoopers, "Information Security Breaches Survey," http://www.pwc.com/uk/eng/ins-sol/publ/pwc_dtifullsurveyresults06.pdf, 2006.
21. AusCERT, "Australian Computer Crime and Security Survey," http://www.auscert.org.au/render.html?it=2001&template=1, 2006.
22. Silicon.de, "IT-Sicherheit Studie," http://www.silicon.de/ downloads/siliconDEStudie IT Sicherheit2005.pdf, 2005, English title: IT security study.
23. Basel Committee on Banking Supervision (BCBS), "Basel 2 - International Convergence of Capital Measurement and Capital Standards - A Revised Framework," 2001.
24. SOX, "One hundred seventh congress of the united states of america, sarbanes oxley act - to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes." 2002.
25. NIST, "An Introduction to Computer Security - The NIST Handbook," NIST(National Institute of Standards and Technology), Tech. Rep., October 1995, special Publication 800-12. [Online]. Available: http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
26. United Nations, "United Nations Standard Products and Services Code," http://www.unspsc.org/, 2006.
27. M. Grüninger and M. S. Fox, "Methodology for the Design and Evaluation of Ontologies," in Proceedings of the Workshop on Basic Ontological Issues in Knowledge Sharing, IJCAI-95, Apr. 1995. [Online]. Available: http://www.eil.utoronto.ca/enterprise-modelling/papers/gruninger- ijcai95.pdf
28. T. R. Peltier, Information Security Risk Analysis. Boca Raton, Florida: Auerbach Publications, 2001.
29. A. Avizienis, J.-C. Laprie, B. Randell, and C. E. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," IEEE Trans. Dependable Sec. Comput., vol. 1, no. 1, pp. 11-33, 2004.
30. International Organization for Standardization and International Electrotechnical Commission, "ISO/IEC 27001:2005, information technology - security techniques - information security management systemsrequirements," http://www.iso.org/, 2005.
31. ISACA, "COBIT," http://www.isaca.org/, 2006.
32. The Office of Government Commerce, "ITIL," http://www.itil.co. uk/, 2006.