Business Process Security Analysis – Design Time, Run Time, Audit Time

Böhr, Frank; Ly, Linh Thao; Müller, Günter

doi:10.1515/itit.2013.2001

Cited by 1 publication

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When considering security from a holistic, engineering point of view, we have to assess not only the system and the architecture, but also the human-related aspects of the business process. To establish a structured view of the PAIS architecture, three layers that are relevant to security analysis can be identified (e.g., [3]):…”

Section: Security In Pais Architecturesmentioning

confidence: 99%

A Cross-Layer Security Analysis for Process-Aware Information Systems

Leitner¹,

Ma²,

Rinderle-Ma³

2015

Preprint

View full text Add to dashboard Cite

Information security in Process-aware Information System (PAIS) relies on many factors, including security of business process and the underlying system and technologies. Moreover, humans can be the weakest link that creates pathway to vulnerabilities, or the worst enemy that compromises a well-defended system. Since a system is as secure as its weakest link, information security can only be achieved in PAIS if all factors are secure. In this paper, we address two research questions: how to conduct a cross-layer security analysis that couple security concerns at business process layer as well as at the technical layer; and how to include human factor into the security analysis for the identification of human-oriented vulnerabilities and threats. We propose a methodology that supports the tracking of security interdependencies between functional, technical, and human aspects which contribute to establish a holistic approach to information security in PAIS. We demonstrate the applicability with a scenario from the payment card industry.

show abstract

Section: Security In Pais Architecturesmentioning

confidence: 99%