Confidentiality is one of the three core security goals.
The security field has always defined confidentiality, integrity, and availability to be
the core principles of information security; these three, also known as the “CIA
triad”, are the hard security requirements (Allen, 2001).
Confidentiality was defined by the International Organization for Standardization (ISO) in
ISO-17799 as "ensuring that information is accessible only to those
authorized to have access". So basically, confidentiality means making sure
that unauthorized personnel do not get access to the information. This
carries over easily to BPM, where the need for it is clear.
Vijay Atluri (2002)
defines confidentiality in BPM terms when he says: “This refers to unauthorized
disclosure of information including the workflow specification, and the
workflow instances during its execution”.
In distinguishing between privacy and confidentiality, Alhaqbani et al. (2010)
say that data confidentiality aims to give the owner of the
data control over its accessibility.
To show the importance of confidentiality in BPM, let us take the example of a “Payment”
process in an online purchase. Assume that Adam wants to
buy something from company “A”’s website. One important part of the purchase
process is the payment process, where the website offers the use of a credit
card. During this process Adam has the right to ask for his credit card
information to be hidden so that none of the employees working in this company
can see it, yet the process cannot be completed without Adam providing that
information. So this is a case where information needs to be entered into the
process while the owner of the information also requires a confidentiality restriction
on it. This case shows how important it is to have
confidentiality control in BPM.
Currently no specific solution has been proposed for the confidentiality
problem in BPM, but the work done by Alhaqbani et al. (2010), which was a
solution for privacy, is an outstanding solution that can also be used to
meet the confidentiality requirement; their solution can be easily modified to
serve as a confidentiality solution.
-------------------------------
All Rights reserved @ Khalid Alissa 2010.