[1] F. D’Aubeterre, R. Singh, and L. Iyer. Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes. European Journal of Information Systems, 17(5):528 – 542, 2008.
This paper addresses the question: "how can we integrate security as a functional requirement in the analysis and modelling of business processes?"
The paper starts by showing the importance of considering security requirements from the beginning and treating them as functional requirements, as that will give analysts greater security awareness in their analysis of the requirements of secure business processes. The authors of this paper developed the "secure activity resource coordination (SARC)" conceptualization, which is designed to view security as a functional requirement in the analysis and modelling of the activities in a business process.
The paper then gave the 5 rules that are considered the "modelling concepts, and grammar for SARC secure business processes:
1. Actors fulfil organizational roles.
2. Organizational roles are authorized to perform business activities.
3. Business activities are permitted to read, write, delete, or create information resources.
4. Dependencies do not exist directly between business activities. Business activities cannot directly produce or consume another business activity.
5. Business activities have a sharing, fit or flow coordination dependency with an information resource”.
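The five rules can be read as a small grammar that a process model either satisfies or violates. The following Python is an added example, not code from the paper or its authors; the dictionary layout, the function names `validate` and `may`, and the order-handling sample are assumptions made for illustration.

```python
# Added example: a SARC-style model as plain data, checked against the five rules.
# The data layout and every name (clerk, approve_order, ...) are assumptions.
OPS = {"read", "write", "delete", "create"}   # operations named in rule 3
COORD = {"sharing", "fit", "flow"}            # dependency kinds named in rule 5

def validate(model):
    """Return a list of rule violations for a SARC-style process model."""
    errs = []
    roles, acts, res = model["roles"], model["activities"], model["resources"]
    for actor, role in model["fulfils"]:              # rule 1
        if role not in roles:
            errs.append(f"rule 1: {actor} fulfils unknown role {role}")
    for role, act in model["authorized"]:             # rule 2
        if role not in roles or act not in acts:
            errs.append(f"rule 2: bad authorization {role} -> {act}")
    for act, op, r in model["permits"]:               # rule 3
        if act not in acts or r not in res or op not in OPS:
            errs.append(f"rule 3: bad permission {act} {op} {r}")
    for act, kind, target in model["dependencies"]:
        if target in acts:                            # rule 4
            errs.append(f"rule 4: {act} depends directly on activity {target}")
        elif kind not in COORD or target not in res:  # rule 5
            errs.append(f"rule 5: bad dependency {act} {kind} {target}")
    return errs

def may(model, actor, op, resource):
    """Access check derived from rules 1-3: actor -> role -> activity -> resource."""
    roles = {r for a, r in model["fulfils"] if a == actor}
    acts = {a for r, a in model["authorized"] if r in roles}
    return any(a in acts and o == op and r == resource
               for a, o, r in model["permits"])

MODEL = {  # constructed sample process, not taken from the paper
    "roles": {"clerk", "manager"},
    "activities": {"enter_order", "approve_order"},
    "resources": {"order"},
    "fulfils": [("alice", "clerk"), ("bob", "manager")],
    "authorized": [("clerk", "enter_order"), ("manager", "approve_order")],
    "permits": [("enter_order", "create", "order"),
                ("approve_order", "read", "order"),
                ("approve_order", "write", "order")],
    "dependencies": [("enter_order", "flow", "order"),
                     ("approve_order", "flow", "order")],
}

if __name__ == "__main__":
    print(validate(MODEL))                       # no violations
    print(may(MODEL, "alice", "write", "order")) # clerk cannot modify the order
```

Because activities may only be linked through an information resource (rules 4 and 5), every hand-off in the model passes through an object whose permitted operations are stated explicitly, which is what makes the access check a simple path lookup.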
Then it gave an experimental example to show how "business process models developed using SARC generates higher awareness of security constraints in modelling the secure exchange of information resources in coordinated business processes". The paper focused on "non-repudiation", "access control", and "segregation of duties" as examples of security requirements.
The paper concludes that SARC can be used by business analysts to analyse and model secure business processes, and that it effectively incorporates security requirements in the conceptualization of business processes.
Relation to research in hand: this paper provides a methodology (SARC) for integrating security requirements in business processes, which is an important part of the literature review for the research. The idea of this paper and its output are closely related to the idea of the research in hand, and it might form a small part of the big picture of the research idea.