Supporting compliance through enhancing internal control systems by conceptual business process security modeling

ACIS 2010 Proceedings - 21st Australasian Conference on Information Systems

Volumn , Issue , 2010, Pages

  Riesner, Moritz ^a   Pernul, Günther ^a  

^a UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

BPM; Compliance; Conceptual modeling; Internal control; IT Security

Indexed keywords

BPM; COMPLIANCE; CONCEPTUAL MODELING; INTERNAL CONTROLS; IT SECURITY;

CONTROL SYSTEMS; INFORMATION SYSTEMS; SEMANTICS; SYSTEMS ENGINEERING;

FINANCE;

EID: 84870387775     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (29)

1. th ACM Workshop on Role-Based Access Control (RBAC '00), pp 1-10.
2. th European Symposium on Research in Computer Security (ESORICS '96), pp 44-64.
3. nd ACM Workshop on role-Based Access Control, pp 1-12.
4. Fischer-Hübner, S. 2001. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. New York, Springer.
5. Fox, C., Zonneveld, P. 2006. "IT Control Objectives for Sarbanes-Oxley, " IT Governance Institute.
6. Goedertier, S., Mues, C., Vanthienen, J. 2007. "Specifying process-aware access control rules in SBVR, " Proc. of the International Symposium on Rule Interchange and Applications (RuleML '07, LCNS 4824, Springer, pp 39-52.
7. Haworth, D.A., Pietron, L.R. 2006. "Sarbanes-Oxley: Achieving Compliance by Starting with ISO 17799, " Information Systems Management (23:1), December, pp 73-87.
8. Herrmann, P., Herrmann, G. 2006. "Security Requirement Analysis of Business Processes, " Electronic Commerce Research (6:3-4), October, pp 305-335.
9. Ho, Danny Ting-Yi., Jin, Yulong. 2009. "Business Process Management: A Research Overview and Analysis, " Proc. of AMCIS '09, Paper 785.
10. th International Conference on Conceptual Modeling (ER '09), LCNS 5829, Springer, pp 458-471.
11. th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems (ECBS '09), pp 340-347.
12. Jürjens, J. 2005. Secure Systems Development with UML. Berlin, Germany: Springer.
13. Karagiannis, D. 2008. "A Business Process-based Modelling Extension for Regulatory Compliance, " Multikonferenz Wirtschaftsinformatik (MKWI '08), pp 1159-1173.
14. Kharbili, M.E., Stein, S., Markovic, I. Pulvermüller, E. 2008, "Towards a Framework for Semantic Business Process Compliance Management, " Proc. of the First International Workshop on Governance, Risk and Compliance (GRCIS '08), pp 1-15.
15. th Annual Working Conference on Information Security (IFIP/Sec '01), pp 199-212.
16. Kumar, A., Liu, R. 2008. "A Rule-Based Framework Using Role Patterns for Business Process Compliance, " Proc. of the International Symposium on Rule Representation, Interchange and Reasoning on the Web (RuleML '08), LCNS 2460, Springer, pp 426-441.
17. th International Conference of the Unified Modeling Language, (UML'02), LCNS 2460, Springer, pp 426-441.
18. Neubauer, T., Klemen, M.D., Biffl, S. 2006. "Secure Business Process Management: A Roadmap", Proc. of the First International Conference on Availability, Reliability and Security (ARES '06), pp 457-464.
19. Pernul, G., Tjoa, A.M., Winiwarter, W. 1998. "Modelling Data Secrecy and Integrity, " Data & Knowledge Enineering (26:3), July, pp 291-308.
20. Rodríguez, A., Fernández-Medina, E., Piattini, M. 2007a. "A BPMN Extension for the Modeling of Security Requirements in Business Processes, " IEICE Transactions (90-D:4), March, pp 745-752.
21. Rodríguez, A., Fernández-Medina, E., Piattini, M. 2007b. "An MDA Approach to Develop Secure Business Processes through a UML 2.0 Extension, " Computer Systems Science & Engineering (22:5), September, pp 308-320.
22. th Annual Computer Security Applications Conference (ACSAC'99), pp 22-32.
23. Röhrig, S., Knorr, K. 2004. "Security Analysis of Electronic Business Processes, " Electronic Commerce Research (4:1-2), January-April, pp 59-81.
24. th International Conference on Business Process Management (BPM '07), LCNS 4714, Springer, pp 149-164.
25. Siponen, M.T., Heikkar, J. 2008. "Do secure Information System Design Methods Provide Adequate Modeling Support?, " Information & Software Technology (50:9-10), August, pp 1034-1053.
26. Steinke, G. 2002. "Data pricacy approaches from US and EU perspectives, " Telematics and Informatics (19:2), May, pp 193-200.
27. Tarantino, A. 2008. Governance, Risk and Compliance Handbook: Technology, finance, Environmental, and International Guidance and Best Practices, Wiley, Hoboken, New Jersey.
28. Wainer, J., Kumar, A., Barthelmess, P. 2007. "DW-RBAC: A Formal Security Model of Delegation and Revocation in Workflow Systems, " Information Systems (32:3), May, pp 365-384.
29. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C. 2009. "Model-Driven Business Process Security Requirement Specification, " Journal of Systems Architecture-Embedded Systems Design (55:4), April, pp 211-223.