Towards SecureBPMN - Aligning BPMN with the Information Assurance and Security Domain
The participation of business experts in the elicitation and formulation of Information Assurance & Security (IAS) requirements is crucial. Although business experts have security-related knowledge, there is still no formalised business process modelling notation allowing them to express this knowledge in a clear, unambiguous manner. In this paper we outline the foundational basis for SecureBPMN - a graphical security modelling extension for BPMN 2.0. We also align BPMN with the IAS domain in order to identify points for the extension. SecureBPMN adopts a holistic approach to IAS and is designed to serve as a "communication bridge" between business and security experts.
Keywords: information security & assurance BPMN extension