Published by De Gruyter Oldenbourg, December 19, 2013

Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns

Using Risk-Based Patterns to Elicit Security Requirements in Business Processes
  • Raimundas Matulevičius

    Dr. Raimundas Matulevičius received his Ph.D. from the Norwegian University of Science and Technology in the area of computer and information science. He currently holds an associate professor position at the University of Tartu (Estonia). His research interests include information systems, business process modelling, requirements engineering, and security risk management. His publication record includes more than 60 articles published in peer-reviewed journals and conferences. Matulevičius has been a program committee member at international workshops (e.g., BUSITAL, WOSIS) and conferences (e.g., REFSQ, PoEM, and CAiSE); he is a co-chair of the workshop on Security in Business Processes (SBP).

    Institute of Computer Science, J. Liivi 2, 50409 Tartu, Estonia

  • Naved Ahmed

    Naved Ahmed is currently a Ph.D. candidate in the Department of Computer Sciences at the University of Tartu, Estonia. He received his M.S. degree in Engineering & Management of Information Systems from the Royal Institute of Technology, Stockholm, Sweden. He is working on secure business processes, and his research interests are in the areas of business process modeling, security engineering and requirements engineering. In addition, he has 3 years of experience in software development in the telecom sector.

    Institute of Computer Science, J. Liivi 2, 50409 Tartu, Estonia

Abstract

Although the importance of aligning business process modelling and security is growing, there is rather limited research on the elicitation of security requirements from business processes. In this paper we discuss how security risk-oriented patterns could help solve this problem. Using an illustrative example, we present a two-step method for (i) discovering pattern occurrences in, and (ii) defining security requirements from, the business process model. We hope that our proposal could help elicit security requirements at the early system development stages; however, we still need to validate it empirically.

Summary

This article focuses on the use of risk-oriented patterns to elicit security requirements. It presents a two-step method for (i) the discovery of risk-oriented patterns in business processes and (ii) their definition.

Received: 2013-7-27
Published Online: 2013-12-19
Published in Print: 2013-12-1

© 2013 by Walter de Gruyter Berlin Boston

Downloaded on 28.4.2024 from https://www.degruyter.com/document/doi/10.1524/itit.2013.2002/html