pdfreaders.org

Integrating Security Aspects into Business Process Models

by Achim D. Brucker

Cover for brucker:securebpmn:2013.Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, ie, a common language for domain experts, system experts, and security experts.

We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.

Keywords: Management of Computing and Information Systems, SecureBPMN, BPMN, Break-Glass, Break-the-Glass
Categories: ,
Documents: (full text as PDF file)

QR Code for brucker:securebpmn:2013.Please cite this article as follows:
Achim D. Brucker. Integrating Security Aspects into Business Process Models. In it - Information Technology, 55 (6), pages 239-246, 2013. Special Issue on "Security in Business Processes."
Keywords: Management of Computing and Information Systems, SecureBPMN, BPMN, Break-Glass, Break-the-Glass
(full text as PDF file) (BibTeX) (Endnote) (RIS) (Word) (doi:10.1524/itit.2013.2004) (Share article on LinkedIn. Share article on CiteULike. )

BibTeX
@Article{ brucker:securebpmn:2013,
abstract = {Modern enterprise systems are often process-driven and, thus, rely heavily on process-aware information systems. In such systems, high-level process-models play an important role both for communicating business requirements between domain experts and system experts as well as basis for the system implementation. Since several years, enterprise system need to fulfil an increasing number of the security and compliance requirements. Thus, there is an increasing demand for integrating high-level security and compliance requirements into process models, \ie, a common language for domain experts, system experts, and security experts.\\\\We present a security modelling language, called SecureBPMN, that can easily be integrated into business process modelling languages. In this paper, we exemplary integrate SecureBPMN into BPMN and, thus, present a common language for describing business process models together with their security and compliance requirements.},
abstract_de = {Moderne Unternehmensanwendungen m{\"u}ssen die Unternehmen dabei unterst{\"u}tzen, ihre Gesch{\"a}ftsprozesse effizient auszuf{\"u}hren. In solchen Anwendungen spielen abstrakte Gesch{\"a}ftsprozessmodelle eine zentrale Rolle. Die Gesch{\"a}ftsprozessmodelle werden f{\"u}r die Kommunikation zwischen Gesch{\"a}fts- und IT-Experten genutzt und dienen dar{\"u}ber hinaus als Basis f{\"u}r die Implementierung der Unternehmensanwendungen. Seit einigen Jahren m{\"u}ssen Unternehmensanwendungen einer steigenden Anzahl von Sicherheits- und Compliance-Anforderungen gen{\"u}gen. Hieraus ergibt sich ein gesteigerte Bed{\"u}rfnis nach der Integration von Sicherheits- und Compliance-Anforderungen in die Gesch{\"a}ftsprozessmodelle.\\\\In diesem Artikel stellen wir die Modellierungssprache SecureBPMN vor, welche es erlaubt, Sicherheitsanforderungen im Kontext von Gesch{\"a}ftsprozessmodelle zu spezifizieren.},
author = {Achim D. Brucker},
doi = {10.1524/itit.2013.2004},
issn = {2196-7032},
journal = {it - Information Technology},
keywords = {Management of Computing and Information Systems, SecureBPMN, BPMN, Break-Glass, Break-the-Glass},
language = {USenglish},
month = {dec},
note = {Special Issue on ``Security in Business Processes.''},
number = {6},
pages = {239--246},
pdf = {https://www.brucker.ch/bibliography/download/2013/brucker-securebpmn-2013.pdf},
publisher = {Oldenbourg Wissenschaftsverlag},
title = {Integrating Security Aspects into Business Process Models},
title_de = {Integration von Sicherheitsaspekten in Gesch{\"a}ftsprozessmodelle},
url = {https://www.brucker.ch/bibliography/abstract/brucker-securebpmn-2013},
volume = {55},
year = {2013},
}