Abstract
Protection of today’s interconnected and complex information infrastructures is of high priority. Traditionally, protection means robustness: preventively identify the threats to business processes and propose countermeasures within the context of a risk analysis. This, however, only covers known risks having punctual effects upon the IT infrastructure. In contrast, the notion of resilience, as a refinement of trustworthiness, is getting attention both in academia and within organizations as a denominator to move beyond survival and even prosper in the face of adverse conditions. This paper reports on ongoing work towards the development of PREDEC, a detective framework to realize resilience in the context of business processes. Specifically, it firstly motivates the need for operational resilience and corresponding tool support at the level of processes. Secondly, it sketches the operation and building blocks of PREDEC, which currently employs process mining techniques to analyze process event logs to assess systems’ resilience. Finally, it describes the intended evaluation steps to be undertaken once PREDEC is completely implemented.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Koslowski, T., Zimmermann, C. (2013). Towards a Detective Approach to Process-Centered Resilience. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_12
DOI: https://doi.org/10.1007/978-3-642-41098-7_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41097-0
Online ISBN: 978-3-642-41098-7
eBook Packages: Computer Science, Computer Science (R0)