Thursday, 23 December 2010

Annotated Bib.: Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes



[1] F. D’Aubeterre, R. Singh, and L. Iyer. Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes. European Journal of Information Systems, 17(5):528 – 542, 2008.

This paper addresses the question: "how can we integrate security as a functional requirement in the analysis and modelling of business processes?"
The paper starts by showing the importance of considering security requirements from the beginning and treating them as functional requirements, as that will give analysts greater security awareness in their analysis of the requirements of secure business processes. The authors developed the "secure activity resource coordination (SARC)" conceptualization, which is designed to view security as a functional requirement in the analysis and modelling of the activities in a business process.
The paper then gives the 5 rules that are considered the "modelling concepts, and grammar for SARC secure business processes:
1. Actors fulfil organizational roles.
2. Organizational roles are authorized to perform business activities.
3. Business activities are permitted to read, write, delete, or create information resources.
4. Dependencies do not exist directly between business activities. Business activities cannot directly produce or consume another business activity.
5. Business activities have a sharing, fit or flow coordination dependency with an information resource".
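
As an added illustration (not code from the paper or from this blog), the five rules can be encoded as a well-formedness check over a process model. The dictionary layout, the function name `check_sarc`, the sample purchase-order process, and the choice to treat an activity that no role may perform as an error are all assumptions made here.

```python
OPERATIONS = {"read", "write", "delete", "create"}   # operations named in rule 3
COORDINATION = {"sharing", "fit", "flow"}            # dependency kinds named in rule 5

def check_sarc(m):
    """Return a list of rule violations for model dict m (empty list = well-formed)."""
    errs = []
    roles, acts, res = m["roles"], m["activities"], m["resources"]
    # Rule 1: actors fulfil organizational roles.
    for actor, role in m["actors"].items():
        if role not in roles:
            errs.append(f"rule 1: {actor} fulfils unknown role {role}")
    # Rule 2: organizational roles are authorized to perform business activities.
    for role, act in m["authorized"]:
        if role not in roles or act not in acts:
            errs.append(f"rule 2: bad authorization {role} -> {act}")
    # Assumption of this sketch: an activity that no role may perform is an error.
    for act in sorted(acts - {a for _, a in m["authorized"]}):
        errs.append(f"rule 2: no role authorized for {act}")
    # Rule 3: activities may read, write, delete, or create information resources.
    for act, op, r in m["permissions"]:
        if act not in acts or op not in OPERATIONS or r not in res:
            errs.append(f"rule 3: bad permission {act} {op} {r}")
    # Rule 4: no direct activity-to-activity dependency.
    # Rule 5: dependencies are sharing/fit/flow links to an information resource.
    for act, kind, target in m["dependencies"]:
        if target in acts:
            errs.append(f"rule 4: {act} depends directly on activity {target}")
        elif kind not in COORDINATION or act not in acts or target not in res:
            errs.append(f"rule 5: bad dependency {act} -{kind}-> {target}")
    return errs

# Constructed sample process (not taken from the paper).
GOOD = {
    "roles": {"clerk", "manager"},
    "activities": {"create_order", "approve_order"},
    "resources": {"purchase_order"},
    "actors": {"alice": "clerk", "bob": "manager"},
    "authorized": [("clerk", "create_order"), ("manager", "approve_order")],
    "permissions": [("create_order", "create", "purchase_order"),
                    ("approve_order", "read", "purchase_order")],
    "dependencies": [("create_order", "flow", "purchase_order"),
                     ("approve_order", "flow", "purchase_order")],
}
# Same process with the hand-off modelled as a direct activity-to-activity link.
BAD = dict(GOOD, dependencies=[("create_order", "flow", "approve_order")])

if __name__ == "__main__":
    print(check_sarc(GOOD))
    print(check_sarc(BAD))
```
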
It then gives an experimental example to show how "business process models developed using SARC generates higher awareness of security constraints in modelling the secure exchange of information resources in coordinated business processes". The paper focuses on "non-repudiation", "access control", and "segregation of duties" as examples of security requirements.
The paper concludes that SARC can be used by business analysts to analyse and model secure business processes, and that it effectively incorporates security requirements in the conceptualization of business processes.

Relation to the research in hand: this paper provides a methodology (SARC) for integrating security requirements into business processes, which is an important part of the literature review for the research. The idea of this paper and its output are closely related to the idea of the research in hand, and it might form a small part of the big picture of the research idea.
