From the Resource to the Business Process Risk Level

被引:0
|
作者
Fenz, S. [1 ,2 ]
机构
[1] Vienna Univ Technol, Vienna, Austria
[2] SBA Res, Vienna, Austria
来源
PROCEEDINGS OF THE SOUTH AFRICAN INFORMATION SECURITY MULTI-CONFERENCE | 2010年
关键词
Security; Information security risk management; Business process analysis;
D O I
暂无
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved resources into account? This paper presents our research results regarding resource-based risk analysis methods in order to assign realistic figures concerning the business process risk level. With regard to business processes the research results allow the (semiautomatic) reasoning of the current security status of an organization. In this way we can support decision makers in selecting appropriate controls to reduce risks to an acceptable level; and also in making a reasonable trade-off between investments into security and the need for protection.
引用
收藏
页码:100 / 109
页数:10
相关论文
共 50 条
  • [41] Operational risk management with process control and business process modeling
    Cernauskas, Deborah
    Tarantino, Anthony
    JOURNAL OF OPERATIONAL RISK, 2009, 4 (02): : 3 - 17
  • [42] Automatic Construction of Process Template from Business Rule (Systematic Approach toward High Level Process Model)
    Sharma, Deepak Kumar
    Prakash, Naveen
    Sharma, Himani
    Singh, Dheerendra
    2014 SEVENTH INTERNATIONAL CONFERENCE ON CONTEMPORARY COMPUTING (IC3), 2014, : 419 - 424
  • [43] Multi-level Autonomic Business Process Management
    Oliveira, Karolyne
    Castro, Jaelson
    Espana, Sergio
    Pastor, Oscar
    ENTERPRISE, BUSINESS-PROCESS AND INFORMATION SYSTEMS MODELING, BPMDS 2013, 2013, 147 : 184 - 198
  • [44] Generating a Business Model Canvas through Elicitation of Business Goals and Rules from Process-Level Use Cases
    Salgado, Carlos E.
    Teixeira, Juliana
    Machado, Ricardo J.
    Maciel, Rita S. P.
    PERSPECTIVES IN BUSINESS INFORMATICS RESEARCH, BIR 2014, 2014, 194 : 276 - 289
  • [45] A Process for Assessing and Improving Business Writing at the MBA Level
    May, Gary L.
    Thompson, Margaret A.
    Hebblethwaite, Jennifer
    BUSINESS AND PROFESSIONAL COMMUNICATION QUARTERLY, 2012, 75 (03) : 252 - 270
  • [46] Risk Description Augmenting a Business Process Model
    Johnson, DeAndre A.
    Wheeler, Rayshauu
    Lambert, James H.
    2023 IEEE INTERNATIONAL SYSTEMS CONFERENCE, SYSCON, 2023,
  • [47] Integration of Risk Aspects into Business Process Modeling
    Anton, Tobias
    Lackes, Richard
    Siepermann, Markus
    INNOVATIONS IN ENTERPRISE INFORMATION SYSTEMS MANAGEMENT AND ENGINEERING, 2016, 245 : 46 - 61
  • [48] Business Process Analytics: A New Approach to Risk
    Eicher, Jill
    Ruder, David
    JOURNAL OF ALTERNATIVE INVESTMENTS, 2007, 10 (02): : 76 - 84
  • [49] Risk management for business process reengineering projects
    Kliem, RL
    INFORMATION SYSTEMS MANAGEMENT, 2000, 17 (04) : 71 - 73
  • [50] Business Process Risk Modelling in Theory and Practice
    Spacek, Miroslav
    QUALITY INNOVATION PROSPERITY-KVALITA INOVACIA PROSPERITA, 2021, 25 (01): : 55 - 72
12345