Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes
- UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
- Lakshmi S. Iyer, Associate Professor (Creator)
- Rahul Singh, Associate Professor (Creator)
- Institution
- The University of North Carolina at Greensboro (UNCG)
- Web Site: http://library.uncg.edu/
Abstract: Systems development methodologies incorporate security requirements as an afterthought in the non-functional requirements of systems. The lack of appropriate access control on information exchange among business activities can leave organizations vulnerable to information assurance threats. The gap between systems development and systems security leads to software development efforts that lack an understanding of security risks. We address the research question: how can we incorporate security as a functional requirement in the analysis and modeling of business processes? This study extends the Semantic approach to Secure Collaborative Inter-Organizational eBusiness Processes in D’Aubeterre et al. (2008). In this study, we develop the secure activity resource coordination (SARC) artifact for a real-world business process. We show how SARC can be used to create business process models characterized by the secure exchange of information within and across organizational boundaries. We present an empirical evaluation of the SARC artifact against the Enriched-Use Case (Siponen et al., 2006) and standard UML-Activity Diagram to demonstrate the utility of the proposed design method.
Created on 3/10/2011
Additional Information
- Publication
- European Journal of Information Systems, 17 (5), 528-543.
- Language: English
- Date: 2008
- Keywords
- Secure business process, Role-based access control, Activity–resource coordination, Security awareness, Secure systems design