A process without security could be dangerous, as an example a Phishing attack process would appear to be a normal process for the victim, For all what the customer knows, he was using your processes and giving you his trusted information over the phone - his trusted phone. No one can hack that, right?, so even if the process was designed in a perfect way, a process without security could be used against the business.
This is one of the reasons why security should be part of BPM, and why it is important to integrate security requirements in the process.
It is clear that both security experts and business process domain experts need to be able to identify a common abstract level where they can define their security goals together
Resource:
(McCoy, 2008)
( Wolter et al., 2008)
No comments:
Post a Comment