
Towards a Detective Approach to Process-Centered Resilience

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8203)

Abstract

Protection of today’s interconnected and complex information infrastructures is of high priority. Traditionally, protection means robustness: preventively identify the threats to business processes and propose countermeasures within the context of a risk analysis. This, however, only covers known risks having punctual effects upon the IT infrastructure. In contrast, the notion of resilience, as a refinement of trustworthiness, is getting attention both in academia and within organizations as a denominator to move beyond survival and even prosper in the face of adverse conditions. This paper reports on ongoing work towards the development of PREDEC, a detective framework to realize resilience in the context of business processes. Specifically, it firstly motivates the need for operational resilience and corresponding tool support at the level of processes. Secondly, it sketches the operation and building blocks of PREDEC, which currently employs process mining techniques to analyze process event logs to assess systems’ resilience. Finally, it describes the intended evaluation steps to be undertaken once PREDEC is completely implemented.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Koslowski, T., Zimmermann, C. (2013). Towards a Detective Approach to Process-Centered Resilience. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_12


  • DOI: https://doi.org/10.1007/978-3-642-41098-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41097-0

  • Online ISBN: 978-3-642-41098-7

  • eBook Packages: Computer Science, Computer Science (R0)