Secure activity resource coordination: A method to design secure business processes

Proceedings of the 3rd International Conference on Design Science Research in Information Systems and Technology, DESRIST 2008

Volumn , Issue , 2008, Pages 249-265

  D'Aubeterre, Fergle ^a   Singh, Rahul ^a   Iyer, Lakshmi ^a  

^a UNIVERSITY OF NORTH CAROLINA AT GREENSBORO   (United States)

Author keywords

Activity resource coordination; Role based access control; Secure business process; Secure systems design; Security awareness

Indexed keywords

ACTIVITY-RESOURCE COORDINATION; BUSINESS PROCESS; ROLE-BASED ACCESS CONTROL; SECURE SYSTEM; SECURITY AWARENESS;

DESIGN; SYSTEMS ANALYSIS;

INFORMATION SYSTEMS;

EID: 84880146008     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (39)

1. Agarwal, R., De, P., and Sinha, A. "Comprehending Object and Process Models: An Empirical Study," IEEE Transactions on Software Engineering, (25:4), July/August 1999, pp. 541-556.
2. Allen, G. and S., March "The Effects of State-Based Data Representation on User Performance in Query Formulation Tasks," MIS Quarterly, (30:2), 2006, pp. 269-290.
3. Apvrille, A., and M. Pourzandi "Secure Software Development by Example," IEEE Security and Privacy, 2005, pp. 10-17.
4. Baskerville, R. Designing Information Systems Security, John Wiley & Sons, New York, 1988.
5. Bhatti, R, Bertino, E., Ghafoor, Joshi, J. "XML-Based Specification for Web Services Document Security," IEEE Computer Society, (34:4), 2004, pp.41-49.
6. Brooks, R. "Studying Programmer Behavior Experimentally: The Problems of Proper Methodology", Communication of ACM, (23: 4), pp. 207-213, Apr. 1980.
7. Chung, L., and B., Nixon "Dealing with Non-Functional Requirements: Three Experimental Studies of a Process-Oriented Approach," in Proceedings of the 17th International Conference on Software Engineering, 1995, Seattle-USA.
8. Crowston, K. and Osborn, C. "The Interdisciplinary Study of Coordination," in Malone, T. W., Crowston, K., and Herman, G. A., editors, Organizing business knowledge: the MIT process handbook, MIT Press, Cambridge, Massachusetts. 2003.
9. Davenport, T. "Process Innovation: Reengineering Work through Information Technology", Harvard Business School Press, 1993.
10. Dhillon, G. and J., Backhouse "Current Directions in IS Security Research: Towards Socio-Organizational Perspectives," Information Systems Journal, (11), 2001, pp. 127-153.
11. Endsley, M.R. "Toward a theory of Situational Awareness in dynamic systems," Human Factors (37:1) 1995, pp 32-64
12. Genero, M., J. Olivas, M. Piattini, F. Romero. "Assessing object oriented conceptual models maintainability", International Workshop Conceptual Model. Quality, October 2002, Tampere, Finland.
13. Greenwald, A. "Within-Subjects Designs: To Use or Not to Use?" Psychological Bull., (83:2), Sept. 1976.
14. Gudes, E., and A. Tubman "AutoWF: A Secure Web Workflow System Using Autonomous Objects? Data and Knowledge Engineering (43), 2002, pp. 1-27.
15. Hadar, I. and P., Soffer "Variations in Conceptual Modeling: Classification and Ontological Analysis," Journal of the Association for Information Systems, (7:8), August 2006, pp. 568-592.
16. Hammer, M. & Champy, J.M. Reengineering the Corporation: A Manifesto for Business Revolution, Nicholas Brealey Publishing, Allen and Urwin, London, 1993.
17. Hevner, A., March, S.T., Park, J., and Ram, S. "Design Science Research in Information Systems," MIS Quarterly (28:1), March 2004, pp. 75-105.
18. Jürjens, J. "Towards Development of Secure Systems Using UMLsec," in H. Hussmann, editor, Fundamental Approaches to Software Engineering, 4th International Conference, Proceedings, LNCS, 2001, pp. 187-200, Springer.
19. Keren, G. A Handbook for Data Analysis in the Behavioural Sciences-Methodological Issues, chapter 19: Between-or Within-Subjects Design: A Methodological Dilemma. Lawrence Erlbaum, Associates, 1993.
20. Kumar, A. and Wainer, J. "Meta workflows as a Control and Coordination Mechanism for Exception Handling in Workflow Systems," Decision Support Systems (40:1), 2005, pp. 89-105.
21. Laitenberger, O., El Emam, K., Harbich, T. "An Internally Replicated Quasi-Experiment Comparison of Checklist and Perspective-Based Reading of Code Documents," IEEE Transactions on Software Engineering, (27:5) May. 2001.
22. Larkin J.H. and H.A., Simon "Why a Diagram Is (Sometimes) Worth Ten Thousand Words," Cognitive Science, (11), 1987, pp. 65-99
23. Lee, Y., Lee, J., and Lee, Z. (2002) "Integrating Software Lifecycle Process Standards with Security Engineering," Computer and Security, (21:4), pp. 345-355.
24. Loebecke, C., van Fenema, P. and Powell, P. (1999) "Co-Opetition and Knowledge Transfer," Database for Advances in Information Systems, (30:2), pp. 14-25.
25. Malone, T. W., Crowston, K., and Herman, G. A. (Ed), Organizing business knowledge: the MIT process handbook, MIT Press, Cambridge, Massachusetts. 2003.
26. Malone, T. W., Yates, J., and Benjamin, R. I. "Electronic Markets and Electronic Hierarchies," Communications of the ACM, (30:6), 1987, pp. 484-497.
27. th Annual Computer Security Applications Conference, December 1999.
28. Mouratidis, H., Giorgini, P., and Manson, G. "When Security Meets Software Engineering: A Case of Modelling Secure Information Systems," Information Systems (30), pp. 609-629.
29. Mylopoulos, J. "Conceptual Modeling and Telos", Chapter 2 in P. Loucopoulos and R. Zicari (Ed.), Conceptual Modeling, Databases, and CASE. UK: Wiley, pp. 49-68. 1992.
30. Oh, S. and Park, S. "Task-role-based Access Control Model," Information Systems, (28:6), September 2003, pp. 533-562.
31. Porter, M.E., Millar, V.E. "How Information Gives You Competitive Advantage", Harvard Business Review (63:4), July/August 1985.
32. Raghu, T.S. and A., Vinze "A Business Process Context for Knowledge Management," Decision Support System, In press.
33. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., and Youman, C.E., "Role-Based Access Control Models," IEEE Computer (29:2), February 1996, pp. 38-47.
34. Singh, R. and Salam, A.F. "Semantic Information Assurance for Secure Distributed Knowledge Management: A Business Process Perspective" IEEE Transactions on Systems, Man and Cybernetics (36:3), 2006, pp. 472-486.
35. Siponen, M., Baskerville, R., and Heikka, J. "A Design Theory for Secure Information Systems Design Methods, "Journal of the Association for Information Systems (7:8), August 2006, pp. 568-592
36. Sohr, K., Ahn, G., and Migge, L. "Articulating and Enforcing Authorisation Policies with UML and OCL," Software Engineering for Secure System-Building Trustworthy Applications (SESS'05), 2005, St. Luis, MO, USA.
37. Straub, D., Goodman, S., and Baskerville, R. "Framing of Information Security Policies and Practices," in Information Security Policies, Processes, and Practices, D. Straub, S. Goodman and R. Baskerville (eds.), 2008, Armonk, NY: M. E. Sharpe.
38. van der Aalst, W.M.P. and Kumar, A. "XML Based Schema Definition for Support of Inter-Organizational Workflow," Information Systems Research (14:1), 2003, pp.23-46.
39. van Wyk, K. and G., McGraw "Bridging the Gap Between Software Development and Information Security," IEEE Security & Privacy, Sept-Oct 2005, pp. 75-79.