Skip to main content

The use of business process modelling in information systems security analysis and design

Buy Article:

$54.08 plus tax (Refund Policy)

Abstract:

The increasing reliance of organisations on information systems connected to or extending over open data networks has established information security as a critical success factor for modern organisations. Risk analysis appears to be the predominant methodology for the introduction of security in information systems (IS). However, risk analysis is based on a very simple model of IS as consisting of assets, mainly data, hardware and software, which are vulnerable to various threats. Thus, risk analysis cannot provide for an understanding of the organisational environment in which IS operate. We believe that a comprehensive methodology for information systems security analysis and design (IS-SAD) should incorporate both risk analysis and organisational analysis, based on business process modelling (BPM) techniques. This paper examines the possible contribution of BPM techniques to IS-SAD and identifies the conceptual and methodological requirements for a technique to be used in this context. Based on these requirements, several BPM techniques have been reviewed. The review reveals the need for either adapting and combining current techniques or developing new, specialised ones.

Keywords: Business Process Analysis; Computer Security; Information Systems; Modelling; Risk

Document Type: Research Article

DOI: http://dx.doi.org/10.1108/09685220010339192

Publication date: March 1, 2000

Access Key

Free Content
Free content
New Content
New content
Open Access Content
Open access content
Subscribed Content
Subscribed content
Free Trial Content
Free trial content
Cookie Policy
X
Cookie Policy
Ingenta Connect website makes use of cookies so as to keep track of data that you have filled in. I am Happy with this Find out more