Integration of an Ontological Information Security Concept in Risk Aware? Business Process Management
2014 47th Hawaii International Conference on System Sciences (2008)
Waikoloa, Big Island, Hawaii
Jan. 7, 2008 to Jan. 10, 2008
priately counteract occurring threats has increasingly become a crucial success factor. Traditional business process management provides concepts for the economical optimization of processes, while risk management focuses on the design of robust business processes. While aiming at the same goal, namely the improve- ment of business, the approaches how to reach this vary, due to a different understanding of improvement. Following this, op- timizing recommendations of business process management and risk management may be contradictory. Therefore, we proposed a unified method, integrating both points of views to enable risk-aware business process management and optimization. In this paper, we briefly describe the ROPE (Risk-Oriented Process Evaluation) methodology and the Security Ontology concept, which provides a solid knowledge base for an applicable and holistic company specific IT security approach. This heavy-weight ontology provides structured knowledge regarding the relations between threats, safeguards, and assets, which are crucial for modeling processes in ROPE. We show how the integration of the Security Ontology's knowledge base enhances the applicability of the ROPE methodology leading to improved risk-aware business process management.
Stefan Jakoubi, Gernot Goluch, Simon Tjoa, and Thomas M?, Andreas Ekelhart, Stefan Fenz, "Integration of an Ontological Information Security Concept in Risk Aware? Business Process Management", 2014 47th Hawaii International Conference on System Sciences, vol. 00, no. , pp. 377, 2008, doi:10.1109/HICSS.2008.211