Skip to main content

Towards a Detective Approach to Process-Centered Resilience

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 8203)

Abstract

Protection of today’s interconnected and complex information infrastructures is of high priority. Traditionally, protection means robustness: preventively identify the threats to business processes and propose countermeasures within the context of a risk analysis. This, however, only covers known risks having punctual effects upon the IT infrastructure. In contrast, the notion of resilience, as a refinement of trustworthiness, is getting attention both in academia and within organizations as a denominator to move beyond survival and even prosper in the face of adverse conditions. This paper reports on ongoing work towards the development of PREDEC, a detective framework to realize resilience in the context of business processes. Specifically, it firstly motivates the need for operational resilience and corresponding tool support at the level of processes. Secondly, it sketches the operation and building blocks of PREDEC, which currently employs process mining techniques to analyze process event logs to assess systems’ resilience. Finally, it describes the intended evaluation steps to be undertaken once PREDEC is completely implemented.

Keywords

  • Operational Resilience
  • Automated Detection
  • Process Intelligence
  • Resilient BPM

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-41098-7_12
  • Chapter length: 15 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-41098-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   72.00
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Accorsi, R.: Safe-keeping digital evidence with secure logging protocols: State of the art and challenges. In: Goebel, O., Ehlert, R., Frings, S., Günther, D., Morgenstern, H., Schadt, D. (eds.) Proceedings the IEEE Conference on Incident Management and Forensics, pp. 94–110. IEEE Computer Society (2009)

    Google Scholar 

  2. Accorsi, R.: Sicherheit im prozessmanagement. digma Zeitschrift für Datenrecht und Informationssicherheit (2013)

    Google Scholar 

  3. Accorsi, R., Lehmann, A.: Automatic information flow analysis of business process models. In: Barros, A., Gal, A., Kindler, E. (eds.) BPM 2012. LNCS, vol. 7481, pp. 172–187. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

  4. Accorsi, R., Stocker, T.: On the exploitation of process mining for security audits: the conformance checking case. In: Ossowski, S., Lecca, P. (eds.) SAC, pp. 1709–1716. ACM (2012)

    Google Scholar 

  5. Accorsi, R., Stocker, T., Müller, G.: On the exploitation of process mining for security audits: the process discovery case. In: Proceedings of the ACM Symposium on Applied Computing, pp. 1462–1468. ACM (2013)

    Google Scholar 

  6. Accorsi, R., Ullrich, M., van der Aalst, W.M.P.: Process mining. Informatik Spektrum 35(5), 354–359 (2012)

    CrossRef  Google Scholar 

  7. Allen, J.H., Curtis, P.D., Gates, L.P.: Using defined processes as a context for resilience measures (2011)

    Google Scholar 

  8. Antunes, P., Mourão, H.: Resilient business process management: Framework and services. Expert Syst. Appl. 38(2), 1241–1254 (2011)

    CrossRef  Google Scholar 

  9. Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secur. Comput. 1(1), 11–33 (2004)

    CrossRef  Google Scholar 

  10. Balasubramanian, S., Gupta, M.: Structural metrics for goal based business process design and evaluation. Business Process Management Journal 11(6), 680–694 (2005)

    CrossRef  Google Scholar 

  11. Basin, D.A., Burri, S.J., Karjoth, G.: Optimal workflow-aware authorizations. In: ACM Symposium on Access Control Models and Technologies, pp. 93–102. ACM (2012)

    Google Scholar 

  12. Boin, A., McConnell, A.: Preparing for critical infrastructure breakdowns: The limits of crisis management and the need for resilience. Journal of Contingencies & Crisis Management 15(1), 50–59 (2007)

    CrossRef  Google Scholar 

  13. Borgatti, S.P., Everett, M.G., Freeman, L.C.: UCINET for windows: Software for social network analysis. In: Analytic Technologies, Harvard (2002)

    Google Scholar 

  14. Butler, B.S., Gray, P.H.: Reliability, mindfulness, and information systems. MIS Quarterly 30(2), 211–224 (2006)

    Google Scholar 

  15. Caralli, R.A., Allen, J.H., Curtis, P.D., Young, L.R.: Cert resilience management model, version 1.0 (2010)

    Google Scholar 

  16. Diesner, J., Frantz, T.L., Carley, K.M.: Communication networks from the enron email corpus “It’s always about the people. enron is no different”. Computational & Mathematical Organization Theory 11(3), 201–228 (2005)

    CrossRef  MATH  Google Scholar 

  17. Etzion, O.: Complex event processing. In: Liu, L., Özsu, M.T. (eds.) Encyclopedia of Database Systems, pp. 412–413. Springer, Heidelberg (2009)

    Google Scholar 

  18. Fdhila, W., Rinderle-Ma, S., Reichert, M.: Change propagation in collaborative processes scenarios. In: CollaborateCom, pp. 452–461. IEEE (2012)

    Google Scholar 

  19. Fenz, S., Ekelhart, A., Neubauer, T.: Business process-based resource importance determination. In: Dayal, U., Eder, J., Koehler, J., Reijers, H.A. (eds.) BPM 2009. LNCS, vol. 5701, pp. 113–127. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  20. Fenz, S., Neubauer, T., Accorsi, R., Koslowski, T.: FORISK: Formalizing information security risk and compliance management. In: Annual IEEE/IFIP International Conference on Dependable Systems and Networks (2013)

    Google Scholar 

  21. Fischbach, D.K., Gloor, D.P.A., Schoder, P.D.D.: Analysis of informal communication networks - a case study. Business & Information Systems Engineering 1(2), 140–149 (2009)

    CrossRef  Google Scholar 

  22. Fisher, D., Dourish, P.: Social and temporal structures in everyday collaboration. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2004, pp. 551–558. ACM, New York (2004)

    CrossRef  Google Scholar 

  23. Freiling, F.C., Schwittay, B.: A common process model for incident response and computer forensics. In: IMF, pp. 19–40 (2007)

    Google Scholar 

  24. Harrington, H.J.: Business process improvement: The breakthrough strategy for total quality, productivity, and competitiveness. McGraw-Hill, New York (1991)

    Google Scholar 

  25. Hollnagel, E., Woods, D.D., Leveson, N. (eds.): Resilience engineering: Concepts and precepts. Ashgate, Aldershot and England and and Burlington and VT (2006)

    Google Scholar 

  26. Jakoubi, S., Tjoa, S., Goluch, G., Quirchmayr, G.: A survey of scientific approaches considering the integration of security and risk aspects into business process management. In: DEXA Proceedings of the 20th International Workshop on Database and Expert Systems Application, pp. 127–132.

    Google Scholar 

  27. Janssen, M.A., Bodin, O., Anderies, J.M., Elmqvist, T., Ernstson, H., McAllister, R.R., Olsson, P., Ryan, P.: Toward a network perspective of the study of resilience in social-ecological systems. Ecology and Society 11(1), 15 (2006)

    Google Scholar 

  28. Koslowski, T.G., Geoghegan, W., Longstaff, P.H.: Organizational resilience: A review and reconceptualization. In: Barr, P., Rothaermel, F. (eds.) 33rd Annual International Conference of the Strategic Management Society, Atlanta, VA, September 28-October 1 (2013)

    Google Scholar 

  29. Longstaff, P.H., Koslowski, T.G., Geoghegan, W.: Translating resilience: A framework to enhance communication and implementation. In: 5th International Symposium on Resilience Engineering, Soesterberg, Netherlands, June 25-27 (2013)

    Google Scholar 

  30. McCann, J.E., Selsky, J.W.: Mastering turbulence: The essential capabilities of agile and resilient individuals, teams, and organizations, 1st edn. Jossey-Bass, San Franciso (2012)

    Google Scholar 

  31. Meyer, J.F.: Model-based evaluation of system resilience. In: Annual IEEE/IFIP International Conference on Dependable Systems and Networks (2013)

    Google Scholar 

  32. Müller, G., Koslowski, T.G., Accorsi, R.: Resilience - a new research field in business information systems? In: Proceedings of the 16th International Conference on Business Information Systems. Springer, Heidelberg (2013)

    Google Scholar 

  33. Ogata, H., Yano, Y., Furugori, N., Jin, Q.: Computer supported social networking for augmenting cooperation. Computer Supported Cooperative Work (CSCW) 10(2), 189–209 (2001)

    CrossRef  Google Scholar 

  34. Scott, J.: Social network analysis. Sage, Newbury Park (1991)

    Google Scholar 

  35. Sterbenz, J., Cetinkaya, E., Hameed, M., Jabbar, A., Rohrer, J.: Modelling and analysis of network resilience. In: 2011 Third International Conference on Communication Systems and Networks (COMSNETS), pp. 1–10 (2011)

    Google Scholar 

  36. Suriadi, S., Weiss, B., Winkelmann, A., ter Hofstede, A., Wynn, M., Ouyang, C., Adams, M., Conforti, R., Fidge, C., La Rosa, M., et al.: Current research in risk-aware business process management-overview, comparison, and gap analysis. QUT ePrints, 50606 (2012)

    Google Scholar 

  37. van der Aalst, W.: Process Mining – Discovery, Conformance and Enhancement of Business Processes. Springer (2011)

    Google Scholar 

  38. van der Aalst, W.M.P., Reijers, H.A., Song, M.: Discovering social networks from event logs. Comput. Supported Coop. Work 14(6), 549–593 (2005)

    CrossRef  Google Scholar 

  39. Wang, Q., Li, N.: Satisfiability and resiliency in workflow authorization systems. ACM Trans. Inf. Syst. Secur. 13(4), 40 (2010)

    CrossRef  Google Scholar 

  40. Wasserman, S., Faust, K.: Social Network Analysis: Methods and Applications (Structural Analysis in the Social Sciences). Cambridge University Press (1994)

    Google Scholar 

  41. Weick, K.E., Sutcliffe, K.M.: Managing the unexpected: Resilient performance in an age of uncertainty, 2nd edn. Jossey-Bass, San Francisco (2007)

    Google Scholar 

  42. Wolter, K.: Resilience assessment and evaluation of computing systems. Springer, Berlin, London (2012)

    CrossRef  Google Scholar 

  43. Yen, V.C.: An integrated model for business process measurement. Business Process Management Journal 15(6), 865–875 (2009)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Koslowski, T., Zimmermann, C. (2013). Towards a Detective Approach to Process-Centered Resilience. In: Accorsi, R., Ranise, S. (eds) Security and Trust Management. STM 2013. Lecture Notes in Computer Science, vol 8203. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41098-7_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-41098-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-41097-0

  • Online ISBN: 978-3-642-41098-7

  • eBook Packages: Computer ScienceComputer Science (R0)