Abstract
Information systems (IS) are considered a necessary component for the majority of corporate enterprises, since they ensure the storage, processing, and exchange of enterprise data. These are the main functions of an IS, which is composed of heterogeneous components including servers, networks, personnel, policies, etc. The success of an enterprise depends enormously on the quality of the deployed IS and on the capability of that system to react to internal and external factors that may prevent these functions from being carried out efficiently. Among the factors that may degrade the performance of an IS, and even end an enterprise's activity, are security attacks such as unauthorized access to IS components, denial of service, and loss of data integrity, which may target the different IS components as well as the enterprise data. A system for monitoring IS quality is therefore an urgent need: it gives enterprises a tool that helps them detect possible degradation, localize the affected components, and then react efficiently to maintain an acceptable level of IS quality, thereby ensuring the services that guarantee the satisfaction of potential enterprise customers. In this context, the paper aims to provide a way to model an IS using a set of appropriate parameters, together with the steps needed to decide on information security investments. A Petri net-based model is introduced to specify and assess the impact of security attacks on corporate information system quality; it provides a set of metrics to monitor that impact and discusses the relationships that this impact may have with the degradation of business process success. The efficiency of the proposed scheme is evaluated through a simulation of a business process related to online sales.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Djemaiel, Y., Boudriga, N. (2014). Modeling and Assessing the Impact of Security Attacks on Enterprise Information Systems. In: Abramowicz, W., Kokkinaki, A. (eds) Business Information Systems Workshops. BIS 2014. Lecture Notes in Business Information Processing, vol 183. Springer, Cham. https://doi.org/10.1007/978-3-319-11460-6_24
DOI: https://doi.org/10.1007/978-3-319-11460-6_24
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11459-0
Online ISBN: 978-3-319-11460-6
eBook Packages: Computer Science, Computer Science (R0)