Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Varela-Vaca, Ángel Jesús; Gasca, Rafael M.

doi:10.1016/j.infsof.2013.05.007

Cited by 18 publications

(18 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The related work can be divided into the following two subdivisions. Approaches [1,11,23,27] which propose risk-informed design, in which the idea of modeling business processes (in one or several stages) with risks and possible mitigation actions integrated into it are common. These models are then applied to a process model which has already been incorporated the mitigation activities.…”

Section: Literature Reviewmentioning

confidence: 99%

Managing risk for business processes: A fuzzy based multi-agent system

Feng¹,

Dou³

et al. 2015

IFS

View full text Add to dashboard Cite

Abstract. Risk management for business processes is critical to the survival and performance of organizations, and has gained the interest of practitioners and academics. In this article, a fuzzy based multi-agent system (FMAS) is proposed as a practical solution to assess the process risk state and provide recommendations for the continuous improvement of business processes. To represent uncertain and ambiguous information obtained from experts, fuzzy theory is introduced to the FMAS. A fuzzy neural network is employed to implement an analysis agent capable of detecting the risk state of business processes within a firm. Furthermore, based on the predictions yielded by the analysis agent, the recommendation agent is then able to identify the possible deviations in the inconsistent process and provide suggestions for improvement. The effectiveness of the proposed FMAS is validated by its implementation in nine firms during twelve months, and the results are presented.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Managing risk for business processes: A fuzzy based multi-agent system

Feng¹,

Dou³

et al. 2015

IFS

View full text Add to dashboard Cite

show abstract

“…These models will be used for representing the configuration parameters according to established policies. Moreover, these models allow setting constraints and attributes between the characteristics of the configurations, as it was proposed in a previous work [16], allowing a greater expressiveness of dependencies and relationships between the different characteristics related to cybersecurity.…”

Section: Introductionmentioning

confidence: 99%

CyberSPL: A Framework for the Verification of Cybersecurity Policy Compliance of System Configurations Using Software Product Lines

et al. 2019

Self Cite

View full text Add to dashboard Cite

Cybersecurity attacks affect the compliance of cybersecurity policies of the organisations. Such disadvantages may be due to the absence of security configurations or the use of default configuration values of software products and systems. The complexity in the configuration of products and systems is a known challenge in the software industry since it includes a wide range of parameters to be taken into account. In other contexts, the configuration problems are solved using Software Product Lines. This is the reason why in this article the framework Cybersecurity Software Product Line (CyberSPL) is proposed. CyberSPL is based on a methodology to design product lines to verify cybersecurity policies according to the possible configurations. The patterns to configure the systems related to the cybersecurity aspects are grouped by defining various feature models. The automated analysis of these models allows us to diagnose possible problems in the security configurations, reducing or avoiding them. As support for this proposal, a multi-user and multi-platform solution has been implemented, enabling setting a catalogue of public or private feature models. Moreover, analysis and reasoning mechanisms have been integrated to obtain all the configurations of a model, to detect if a configuration is valid or not, including the root cause of problems for a given configuration. For validating the proposal, a real scenario is proposed where a catalogue of four different feature models is presented. In this scenario, the models have been analysed, different configurations have been validated, and several configurations with problems have been diagnosed.

show abstract

“…This contribution [6] firstly provides a formalization of IT security countermeasures for business processes based on security patterns and feature models for the representation countermeasures. Subsequently, a catalogue of IT security countermeasures have been formalized [4] to enforce confidentiality, integrity, availability and authentication in business processes management systems. Feature-Oriented Domain Analysis (FODA) have been applied [4] over the catalogue of security patterns for the inference, selection, and generation of optimal configurations with regard to single and multiple objectives.…”

Section: Introductionmentioning

confidence: 99%

“…Subsequently, a catalogue of IT security countermeasures have been formalized [4] to enforce confidentiality, integrity, availability and authentication in business processes management systems. Feature-Oriented Domain Analysis (FODA) have been applied [4] over the catalogue of security patterns for the inference, selection, and generation of optimal configurations with regard to single and multiple objectives. In order to automate FODA, CP techniques have been used where two different analyses have been carried out.…”

Section: Introductionmentioning

confidence: 99%

OPBUS: A framework for improving the dependability of risk-aware business processes

Varela-Vaca

2014

AIC

Self Cite

View full text Add to dashboard Cite

Abstract. Business processes and IT infrastructure have become a cornerstone for the management of organizations. Nevertheless, business processes are ever threatened by problems due to the exposure of these processes to external and third parties outside the control of the organizations. Risk management is mostly overlooked or is taken into consideration separately from business process management with a complete lack of formalization and automation. In this work, innovative and relevant contributions based on model-based diagnosis and constraint programming techniques are proposed for enhancement the dependability of business process management from design to run-time.

show abstract

Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Cited by 18 publications

References 39 publications

Managing risk for business processes: A fuzzy based multi-agent system

Managing risk for business processes: A fuzzy based multi-agent system

CyberSPL: A Framework for the Verification of Cybersecurity Policy Compliance of System Configurations Using Software Product Lines

OPBUS: A framework for improving the dependability of risk-aware business processes

Contact Info

Product

Resources

About