Friday, 16 April 2010

Security Should Be Considered from the Beginning


A security investment decision cannot be regarded independently of the corporate business, its strategic alignment, business processes and people; its consideration has to start at a strategic level.

So organizations today should consider parallel development of business processes and security safeguards over the whole life cycle of a process.

So the proposed idea in terms of BPM is that security measures are modeled in the same diagrams as business processes, to extend the advantages of business process models to the field of security. Modeling security measures improves documentation and therefore transparency. A higher level of transparency also influences security awareness, because employees are directly in contact with the corporate security policy when executing their business processes.

The interdependency between business processes and security measures must be considered, especially if security measures influence the performance of the business processes. But business processes are generally fixed, and security measures are defined according to the given business processes.

Business process diagrams must be extended with the specifications that are needed for automated execution. Additionally, the specified security requirements must be integrated into the workflows, e.g. role-based access control, authentication or separation of duties, but also classical security aspects such as securing the network against viruses. Unfortunately, existing approaches neglect the integration of security objectives into BPM.
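As an added illustration (not code from this post or from the cited paper), here is a minimal sketch of a process model whose steps carry their security requirements, so the workflow engine enforces authentication, role-based access control and separation of duties at execution time. The class names, the payment process and the role names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Task:
    name: str
    required_role: str  # RBAC annotation attached to the process step

@dataclass
class ProcessModel:
    tasks: dict      # task name -> Task
    sod_pairs: list  # frozenset({a, b}): a and b must be done by different users

@dataclass
class ProcessInstance:
    model: ProcessModel
    performed_by: dict = field(default_factory=dict)  # task name -> user

    def execute(self, task_name, user, roles, authenticated=True):
        """Run one step only if every modeled security requirement holds."""
        task = self.model.tasks[task_name]
        if not authenticated:
            raise PermissionError("authentication required")
        if task.required_role not in roles:
            raise PermissionError(f"{user} lacks role {task.required_role}")
        for pair in self.model.sod_pairs:
            if task_name in pair:
                (other,) = pair - {task_name}
                if self.performed_by.get(other) == user:
                    raise PermissionError(f"separation of duties: {user} did {other}")
        self.performed_by[task_name] = user
        return True

# Constructed sample model: a two-step payment process.
PAYMENT = ProcessModel(
    tasks={
        "create_payment": Task("create_payment", "clerk"),
        "approve_payment": Task("approve_payment", "manager"),
    },
    sod_pairs=[frozenset({"create_payment", "approve_payment"})],
)

def outcome(instance, task, user, roles, authenticated=True):
    """Return 'ok' or the denial reason, for logging or display."""
    try:
        instance.execute(task, user, roles, authenticated)
        return "ok"
    except PermissionError as exc:
        return str(exc)
```

Because the constraints live in the model rather than in application code, a user who holds both roles is still refused approval of a payment they created themselves.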

So business processes and security issues should be developed in parallel, so that synergy effects can be realized compared to an independent view of security and business processes.

----------------
Source:
Secure Business Process Management: A Roadmap.
Thomas Neubauer, Markus Klemen, Stefan Biffl. 2006
