Towards definition of secure business processes

Lecture Notes in Business Information Processing

Volumn 112 LNBIP, Issue , 2012, Pages 1-15

  Altuhhova, Olga ^a   Matulevičius, Raimundas ^a   Ahmed, Naved ^a  

^a UNIVERSITY OF TARTU   (Estonia)

Author keywords

Alignment of modelling languages; Business process model and notation (BPMN); Information systems; Security risk management

Indexed keywords

INFORMATION SYSTEMS; MATHEMATICAL MODELS; TECHNICAL PRESENTATIONS;

BUSINESS PROCESS; BUSINESS PROCESS MODEL; BUSINESS PROCESS MODELLING; BUSINESS SECURITY; DOMAIN MODEL; MODEL TRANSFORMATION; MODELLING LANGUAGE; RISK TREATMENT; SECURE SYSTEM; SECURITY MODEL; SECURITY REQUIREMENTS; STRUCTURED APPROACH; SYSTEM DEVELOPMENT;

RISK MANAGEMENT;

EID: 84864711339     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-31069-0_1     Document Type: Conference Paper

References (24)

1. Alberts, C.J., Dorofee, A.J.: OCTAVE Method Implementation Guide Version 2.0. Carnegie Mellon University - Software Engineering Institute, Pennsylvania (2001)
2. Asnar, Y., Giorgini, P., Massacci, F., Zannone, N.: From Trust to Dependability through Risk Analysis. In: Proceedings of ARES 2007, pp. 19-26. IEEE Computer Society (2007)
3. AS/NZS 4360, Risk management. SAI Global (2004)
4. Braber, F., Hogganvik, I., Lund, M.S., Stølen, K., Vraalsen, F.: Model-based Security Analysis in Seven Steps-a Guided Tour to the CORAS Method. BT Technology Journal 25(1), 101-117 (2007)
5. Chowdhury, M.J.M., Matulevičius, R., Sindre, G., Karpati, P.: Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions. In: Regnell, B., Damian, D. (eds.) REFSQ 2011. LNCS, vol. 7195, pp. 132-139. Springer, Heidelberg (2012)
6. Common Criteria version 2.3, Common Criteria for Information Technology Security Evaluation, CCMB-2005-08-002 (2005), http://www.tse.org.tr/turkish/ belgelendirme/ortakkriter/ccpart2v2.3.pdf
7. Dubois, E., Heymans, P., Mayer, N., Matulevičius, R.: A Systematic Approach to Define the Domain of Information System Security Risk Management. In: Intentional Perspectives on Information Systems Engineering, pp. 289-306. Springer (2010)
8. Firesmith, D.G.: Engineering Safety and Security Related Requirements for Software Intensive Systems. In: Companion to the Proceedings of the 29th International Conference on Software Engineering (COMPANION 2007), p. 169. IEEE Computer Society (2007)
9. Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.: Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Transactions on Software Engineering 34, 133-153 (2008)
10. Herrmann, A., Morali, A., Etalle, S., Wieringa, R.: Risk and Business Goal Based Security Requirement and Countermeasure Prioritization. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 64-76. Springer, Heidelberg (2012)
11. ISO/IEC Guide 73, Risk management - Vocabulary - Guidelines for use in standards. International Organization for Standardization, Geneva (2002)
12. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
13. Matulevičius, R., Mayer, N., Heymans, P.: Alignment of Misuse Cases with Security Risk Management. In: Proceedings of ARES 2008, pp. 1397-1404. IEEE (2008)
14. Matulevičius, R., Mayer, N., Mouratidis, H., Martinez, F.H., Heymans, P., Genon, N.: Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development. In: Bellahsène, Z., Léonard, M. (eds.) CAiSE 2008. LNCS, vol. 5074, pp. 541-555. Springer, Heidelberg (2008)
15. Mayer, N.: Model-based Management of Information System Security Risk. Doctoral Thesis, University of Namur (2009)
16. Menzel, M., Thomas, I., Meinel, C.: Security Requirements Specification in Service-oriented Business Process Management. In: ARES 2009, pp. 41-49 (2009)
17. Paja, E., Giorgini, P., Paul, S., Meland, P.H.: Security Requirements Engineering for Secure Business Processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 77-89. Springer, Heidelberg (2012)
18. Remco, M., Dijkman, R.M., Dumas, M., Ouyang, C.: Formal Semantics and Analysis of BPMN Process Models using Petri Nets. Queensland University of Technology, TR (2007)
19. Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN Extension for the Modeling of Security Requirements in Business Processes. IEICE - Transactions on Information and Systems E90-D(4), 745-752 (2007)
20. Rodríguez, A., Fernández-Medina, E., Piattini, M.: UbiComp 2007. LNCS, vol. 4717, pp. 408-415 (2007)
21. Silver, B.: BPMN Method and Style: A Levels-based Methodology for BPMN Process Modeling and Improvement using BPMN 2.0. Cody-Cassidy Press (2009)
22. Stoneburner, G., Goguen, A., Feringa, A.: NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems. National Institute of Standards and Technology, Gaithersburg (2002)
23. Trendowicz, A.: Tutorial: CoBRA - Cost Estimation, Benchmarking and Risk Analysis Method (2005), http://www.dasma.org/metrikon2005/tutorial-cobra.pdf
24. White, S.A.: Introduction to BPMN, IBM (2004), http://www.bpmn.org/ Documents/Introduction-to-BPMN.pdf