Modeling and Assessing the Impact of Security Attacks on Enterprise Information Systems

Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 183)


Information systems (IS) are considered as a necessary component for majority of corporate enterprises since they ensure the storage, the processing and the exchange of enterprise data, that are the main functions for an IS composed of heterogeneous components including servers, networks, personnel, policies, etc. The success of an enterprise depends enormously on the quality of the deployed IS and the capability of such system to react against internal and external factors that may prevent the abovementioned functions to be ensured in an efficient manner. Among the factors that may degrade the performance of ISs and even cause the end of an enterprise activity is the security attacks such as unauthorized access to IS components, denial of service, and loss of data integrity, that may target the different IS components in addition to the enterprise data. Therefore, a system for monitoring the quality of IS is among the urgent needs in order to provide for enterprises a tool that helps them to detect possible degradation, localize the affected components and then reacts in an efficient manner to maintain an acceptable level of IS quality and then ensuring the appropriate services that guarantee the satisfaction of potential enterprises customers. In this context, the paper aims to provide a way to model IS considering a set of appropriate parameters and the needed steps to decide on information security investments. A Petri net-based model has been introduced to specify and assess the impact of security attacks on corporate information system quality, provides a set of metrics to monitor the impact, and discusses the relationships that these impact may have with the degradation of business processes success. The efficiency of the proposed scheme is evaluated through a simulation for a business process related to the online sales.


Information system quality Security attack System modeling Petri nets Monitoring Assessment 


  1. 1.
    Altuhhova, O., Matulevičius, R., Ahmed, N.: Towards definition of secure business processes. In: Bajec, M., Eder, J. (eds.) CAiSE Workshops 2012. LNBIP, vol. 112, pp. 1–15. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  2. 2.
    Capek, J., Hub, M., Myskova, R.: Basic authentication procedure modelled by Petri nets. Int. J. Comput. Commun. 4(4), 103–108 (2010)Google Scholar
  3. 3.
    Delone, W.H., McLean, E.R.: The delone and mclean model of information systems success: a ten-year update. J. Manage. Inf. Syst. 19(4), 9–30 (2003)Google Scholar
  4. 4.
    Keen, C., Lakos, C.: Information systems modelling using LOOPN++, an object Petri net scheme. In: Proceedings of 4th International Working Conference on Dynamic Modelling and Information Systems, pp. 28–30, 31–52. University Press (1994)Google Scholar
  5. 5.
    Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: ARES, pp. 41–48. IEEE Computer Society (2009)Google Scholar
  6. 6.
    Oberweis, A., Sander, P.: Information system behavior specification by high level Petri nets. ACM Trans. Inf. Syst. 14(4), 380–420 (1996)CrossRefGoogle Scholar
  7. 7.
    Paja, E., Giorgini, P., Paul, S., Meland, P.H.: Security requirements engineering for secure business processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 77–89. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  8. 8.
    Petter, S., DeLone, W.H., McLean, E.R.: Measuring information systems success: models, dimensions, measures, and interrelationships. EJIS 17(3), 236–263 (2008)Google Scholar
  9. 9.
    Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745–752 (2007)CrossRefGoogle Scholar
  10. 10.
    Ge, X., Paige, R.F., McDermid, J.A.: Failures of a business process in enterprise systems. In: Cruz-Cunha, M.M., Varajão, J., Powell, P., Martinho, R. (eds.) CENTERIS 2011, Part I. CCIS, vol. 219, pp. 139–146. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  11. 11.
    Zegzhda, P.D., Zegzhda, D.P., Kalinin, M.O., Konoplev, A.S.: Security modeling of grid systems using Petri nets. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol. 7531, pp. 299–308. Springer, Heidelberg (2012) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Communication Networks and Security Research Lab. Sup’ComUniversity of CarthageCarthageTunisia

Personalised recommendations