Monday, 26 April 2010

Confidentiality & BPM


Confidentiality is one of the three core security goals. Confidentiality, integrity, and availability have always been defined as the core principles of information security; these three, also known as the “CIA triad”, are the hard security requirements (Allen, 2001).
Confidentiality was defined by the International Organization for Standardization (ISO) in ISO-17799 as "ensuring that information is accessible only to those authorized to have access". So, basically, confidentiality means making sure that unauthorized personnel will not get access to the information. This carries over easily to BPM, where the need for it can be seen.
Vijay Atluri (2002) defines confidentiality in BPM terms when he says: “This refers to unauthorized disclosure of information including the workflow specification, and the workflow instances during its execution”. Alhaqbani et al. (2010), in distinguishing between privacy and confidentiality, say that data confidentiality aims to give the owner of the data control over its accessibility.
To show the importance of confidentiality in BPM, let us take the example of a “Payment” process in an online purchase. Assume that Adam wants to buy something from company “A”’s website. One important part of the purchase process is the payment process, where the website offers the use of a credit card. During this process Adam has the right to ask for his credit card information to be hidden, so that none of the employees working in this company can see it; yet the process cannot be completed without Adam providing this information. So this is a case where information needs to be entered into the process while the owner of the information also requires a confidentiality restriction on it. This case shows how important it is to have confidentiality control in BPM.
Currently, no specific solution has been proposed for the confidentiality problem in BPM. However, the work done by Alhaqbani et al. (2010), which was a solution for privacy, is an outstanding solution that can also be used to meet the confidentiality requirement; their solution can be easily modified to serve as a confidentiality solution as well.

-------------------------------
All Rights reserved @ Khalid Alissa 2010.
