Business Process-Based Resource Importance Determination

Fenz, Stefan; Ekelhart, Andreas; Neubauer, Thomas

doi:10.1007/978-3-642-03848-8_9

Cited by 12 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to the identified shortcomings of existing approaches, and the recurring nature of this step, we developed a methodology [cf. Fenz, Ekelhart and Neubauer, 2009] to automatically determine asset importance values through business process analysis. The following paragraph briefly outlines how we use the method in the context of information security risk management.…”

Section: ) Control Identification and Evaluationmentioning

confidence: 99%

“…The advantages of this asset importance determination approach are: (1) the necessary input data is restricted to machine-interpretable business process representations including required resources and the importance of the business process, and (2) assuming that the required input data is already available, our approach provides ISRM with fast results for resource importance, which are based on the business processes' structure and resource involvement. Details on this approach can be found in Fenz, Ekelhart and Neubauer [2009]. At the moment, the automatic importance determination addresses only the security attribute availability.…”

Section: Business Process Importance Determinationmentioning

confidence: 99%

See 1 more Smart Citation

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

Fenz

Ekelhart²,

Neubauer

2011

CAIS

Self Cite

View full text Add to dashboard Cite

As companies are increasingly exposed to information security threats, decision makers are permanently forced to pay attention to security issues. Information security risk management provides an approach for measuring the security through risk assessment, risk mitigation, and risk evaluation. Although a variety of approaches have been proposed, decision makers lack well-founded techniques that (1) show them what they are getting for their investment, (2) show them if their investment is efficient, and (3) do not demand in-depth knowledge of the IT security domain. This article defines a methodology for management decision makers that effectively addresses these problems. This work involves the conception, design, and implementation of the methodology into a software solution. The results from two qualitative case studies show the advantages of this methodology in comparison to established methodologies.

show abstract

Section: ) Control Identification and Evaluationmentioning

confidence: 99%

Section: Business Process Importance Determinationmentioning

confidence: 99%

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

Fenz

Ekelhart²,

Neubauer

2011

CAIS

Self Cite

View full text Add to dashboard Cite

show abstract

“…AURUM is a framework for automated information security risk management [6,10,7]. As basis for their research, the authors identify the following questions which have to be addressed by organizations: (1) What are potential threats for my organization?, (2) How probable are these threats?, (3) Which vulnerabilities could be exploited by such threats?, (4) Which controls are required to most effectively mitigate these vulnerabilities?, (5) What is the potential impact of a particular threat?, (6) What is the value of security investments?, and finally (7) In which security solutions is it worth investing?…”

Section: Related Workmentioning

confidence: 99%

Risk-Aware Business Process Management—Establishing the Link Between Business and Security

Jakoubi

Tjoa

Goluch

et al. 2010

Complex Intelligent Systems and Their Applications

View full text Add to dashboard Cite

Companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies predominantly apply business process management concepts. The substantial consideration of robustness and continuity of operations is performed in other domains such as risk or business continuity management. Applying these domains separately, analysis results may significantly differ as valuations from an economic and risk point of view may lead to deviating improvement recommendations. Observing developments in the past years one can see that regulative bodies, the industry as well as the research community laid a special focus on the tighter integration of business process and risk management. Consequently, the integrated consideration of economic, risk and security aspects when analyzing and designing business processes delivers enormous value to achieve these requirements. In this chapter, we present an survey about selected scientific approaches tackling the challenge of integrating economic and risk aspects. Furthermore, we present a methodology enabling the risk-aware modeling and simulation of business processes.

show abstract

“…AURUM: A Framework for Automated Information Security Risk Management [15], [16], [17]. As basis for their research, the authors identify the following questions which have to be addressed by organizations: (1) What are potential threats for my organization?, (2) How probable are these threats?, (3) Which vulnerabilities could be exploited by such threats?, (4) Which controls are required to most effectively mitigate these vulnerabilities?, (5) What is the potential impact of a particular threat?, (6) What is the value of security investments?, and finally (7) In which security solutions is it worth investing?…”

Section: Introductionmentioning

confidence: 99%

A roadmap to risk-aware business process management

Jakoubi

Neubauer

Tjoa

2009

2009 IEEE Asia-Pacific Services Computing Conference (APSCC)

Self Cite

View full text Add to dashboard Cite

Abstract-The continuous, effective and efficient performance of business processes is the central element for entrepreneurial success. In order to achieve the abovementioned goal various disciplines are involved: The improvement from an economical viewpoint is mainly performed by the domain of business process management, whereas the consideration of risks and continuous execution of business processes is considered separately by risk management and business continuity management. We observed that this separation often leads to inefficiencies as decisions can be contradictory and a consistent information basis is missing. Therefore, we introduce our vision of risk-aware business process management that is capable of providing information for economic as well as for security disciplines.

show abstract

Business Process-Based Resource Importance Determination

Cited by 12 publications

References 15 publications

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

Information Security Risk Management: In Which Security Solutions Is It Worth Investing?

Risk-Aware Business Process Management—Establishing the Link Between Business and Security

A roadmap to risk-aware business process management

Contact Info

Product

Resources

About