The Community for Technology Leaders
Green Image
Issue No. 02 - April-June (2011 vol. 4)
ISSN: 1939-1374
pp: 153-166
G Quirchmayr , Fac. of Comput. Sci., Univ. of Vienna, Vienna, Austria
S Goluch , Secure Bus. Austria, Austrian IT Security Competence Center, Vienna, Austria
G Kitzler , Secure Bus. Austria, Austrian IT Security Competence Center, Vienna, Austria
G Goluch , Secure Bus. Austria, Austrian IT Security Competence Center, Vienna, Austria
S Jakoubi , Secure Bus. Austria, Austrian IT Security Competence Center, Vienna, Austria
S Tjoa , St. Polten Univ. of Appl. Sci., St. Polten, Austria
ABSTRACT
The effective, efficient and continuous execution of business processes is crucial for meeting entrepreneurial goals. Business process modeling and simulation are used to enable desired business process optimizations. However, current approaches mainly focus on economic aspects while security aspects are dealt with in separate initiatives. This missing interconnection may lead to significant differences in improvement suggestions, such as the differing valuation of security investments (e.g., redundancy of systems). The major contribution of this paper is the introduction of a formal model that is capable of expressing the relations between threats, detection mechanisms, safeguards, recovery measures and their effects on business processes. This novel business process simulation capability paves the way for the evaluation of security investments at process design stage by allowing the consideration of stochastic influences of the occurrence of threats on process activities and resources in a unified way. A stylized business case outlines how our method can be applied to real world scenarios.
INDEX TERMS
Security, Unified modeling language, Risk management, Computational modeling, Biological system modeling, Business continuity, security enablement methods and tools., Business process reengineering, consulting and strategic planning
CITATION
G Quirchmayr, S Goluch, G Kitzler, G Goluch, S Jakoubi, S Tjoa, "A Formal Approach Enabling Risk-Aware Business Process Modeling and Simulation", IEEE Transactions on Services Computing, vol. 4, no. , pp. 153-166, April-June 2011, doi:10.1109/TSC.2010.17
93 ms
(Ver )