Abstract
The number of security breaches, and the losses organizations suffer from them, increases every year. One of the key reasons is the high dependency of an organization’s key business processes on information and information technology. To decrease the risk of breaches, organizations have to follow the “due diligence” and “due care” principles, which means applying the requirements or controls defined by existing security standards. One of the main issues with such an approach is identifying the critical areas and evaluating the cost of implementing the security requirements.
In this paper we consider how our previously proposed method for evaluating the implementation cost of information security requirements could be linked with an organization’s business processes. Our proposal could help identify the critical areas of an organization that need to be protected and could allow the security costs related to those protected areas to be calculated.
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Olifer, D., Goranin, N., Janulevicius, J., Kaceniauskas, A., Cenys, A. (2018). Improvement of Security Costs Evaluation Process by Using Data Automatically Captured from BPMN and EPC Models. In: Teniente, E., Weidlich, M. (eds) Business Process Management Workshops. BPM 2017. Lecture Notes in Business Information Processing, vol 308. Springer, Cham. https://doi.org/10.1007/978-3-319-74030-0_56
DOI: https://doi.org/10.1007/978-3-319-74030-0_56
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74029-4
Online ISBN: 978-3-319-74030-0
eBook Packages: Computer Science, Computer Science (R0)