A roadmap to risk-aware business process management

2009 IEEE Asia-Pacific Services Computing Conference, APSCC 2009

Volumn , Issue , 2009, Pages 23-27

  Jakoubi, Stefan ^a   Neubauer, Thomas ^a   Tjoa, Simon ^b  

^a Secure Business Austria   (Austria)

^b ST PÖLTEN UNIVERSITY OF APPLIED SCIENCES   (Austria)

Author keywords

Business process management; Risk management

Indexed keywords

BUSINESS CONTINUITY MANAGEMENT; BUSINESS PROCESS; BUSINESS PROCESS MANAGEMENT; INFORMATION BASIS; ROADMAP;

RISK ANALYSIS; RISK MANAGEMENT; TECHNOLOGICAL FORECASTING;

ENTERPRISE RESOURCE MANAGEMENT;

EID: 77949592990     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/APSCC.2009.5394145     Document Type: Conference Paper

References (23)

1. D. Karagiannis, S. Junginger, and R. Strobl, Business Process Modelling. Springer, Berlin, 1996, ch. Introduction to Business Process Management Systems Concepts, pp. 81-106.
2. W. Scheer and M. Nüttgens, "Aris architecture and reference models for business process management," in proceedings of BPM, 2000.
3. ISO/IEC 27005:2008 Information technology - Security techniques - Information security risk management, ISO/IEC Std., 2008.
4. NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems, National Institute of Standards and Technology (NIST) Std., 2002.
5. British Standard BS25999-1:2006: Business Continuity Management - Part 1: Code of practice, British Standard Institute (BSI) Std., 2006.
6. British Standard BS25999-2:2007: Business Continuity Management - Part 2: Specification, British Standard Institute (BSI) Std., 2007.
7. Business Continuity Institute, "Good Practice Guidelines," 2008. [Online]. Available: http://www.thebci.org/gpgdownloadpage.htm
8. ISO/IEC 24762:2008 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, ISO/IEC Std., 2008.
9. National Institute of Standards and Technology, "NIST SP800-34: Contingency planning guide for information technology systems," 2002.
10. NIST SP800-61: Computer security incident handling guide, National Institute of Standards and Technology Std., 2004.
11. S. Sackmann, A Reference Model for Process-oriented IT Risk Management, in: Golden, W. et al. (Eds.): 16th European Conference on Information Systems (ECIS'08), Galway, Ireland, 2008
12. S. Sackmann, L. Lowis, K. Kittel, Selecting Services in Business Process Execution - A Risk-based Approach, in: H.R. Hansen et al. (Eds.), Business Services: Konzepte, Technologien, Anwendungen, Tagung Wirtschaftsinformatik (WI'09), Vienna, 2009
13. F. Braber, I. Hogganvik, M.S. Lund, K. Stolen, F. Vraalsen, Model-based security analysis in seven steps - a guided tour to the CORAS method, BT Technology Journal, Vol. 25 No 1, 2007
14. D. Karagiannis, J. Mylopoulos, M. Schwab, Business Process-Based Regulation Compliance: The Case of the Sarbanes-Oxley Act, In Proceedings of the 15th IEEE International Requirements Engineering Conference, IEEE, 2007
15. Ekelhart, A., Fenz, S. and Neubauer, T. "AURUM: A Framework for Supporting Information Security Risk Management", 'Proceedings of the 42nd Hawaii International Conference on System Sciences, HICSS2009', IEEE Computer Society, Los Alamitos, CA, USA, 978-0-7695-3450-3, 2009, pp. 1-10.
16. Fenz, S., Ekelhart, A. and Neubauer, T. "Business Process-based Resource Importance Determination", 'Proceedings of the 7th International Conference on Business Process Management (BPM'2009)', Springer, accepted for publication, 2009, pp. 113-127.
17. Ekelhart, A., Fenz, S. and Neubauer, T. "Ontology-based Decision Support for Information Security Risk Management", 'International Conference on Systems, 2009. ICONS 2009. IEEE Computer Society, 2009, pp. 80-85.
18. S. Jakoubi, S. Tjoa, G. Goluch, G. Quirchmayr, A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management, Proceedings of the International Workshop on Business Processes Security (BPS'09) at the 20th edition of DEXA, IEEE, 2009
19. S. Jakoubi, S. Tjoa, and G. Quirchmayr, "Rope: A methodology for enabling the risk-aware modelling and simulation of business processes," in Fifteenth European Conference on Information Systems, 2007, pp. 1596-1607
20. S. Jakoubi, G. Goluch, S. Tjoa, and G. Quirchmayr, "Deriving resource requirements applying risk-aware business process modeling and simulation," in 16th European Conference on Information Systems, 2008, pp. 1542-1554.
21. Gartner Inc.: Misconceptions on Process Optimization and Simulation. http://blogs.gartner.com/jim-sinur/2009/01/27/misconceptions-onprocess- optimization-and-simulation/ (2009)
22. One Hundred Seventh Congress of the United States of America. 2002. Sarbanes-Oxley Act., http://www.law.uc.edu/CCL/SOact/soact.pdf
23. Committee of Sponsoring Organizations of the Treadway Commission. 2004. Enterprise Risk Management: Executive Summary. http://www.coso.org/Publications/ ERM/COSO-ERM-ExecutiveSummary.pdf