[1] T. Neubauer, M. D. Klemen, and S. Biffl. Secure business
process management: A roadmap. In ARES, pages 457–464. IEEE Computer Society,
2006.
The paper starts by defining "Secure Business Process Management" (SBPM).
It says that if the BPM life cycle consists of analyzing, optimizing and
designing the business process in accordance with the business strategy,
allocating applications and employees, implementing and executing the
processes to support information exchange, and monitoring and aggregating
operational data for the purpose of decision making and continuous
improvement, then SBPM should follow the same life cycle, and security
aspects should be present during the whole cycle.
The paper presents the idea that security should be a concern from the
strategy definition onward, and that security should be developed in
parallel with the business process. It then says that security measures
should be modeled in the same BPM diagram. After that, the authors present
the idea that security should be valued based on the business process.
Finally, the idea of the business cockpit is presented, where the
monitoring should occur, as security needs to be monitored along with the
business process.
This paper defined Secure Business Process Management and presented a research roadmap for this field. Compared to existing approaches the idea presented in this paper allows the alignment and integrated design of business processes and security objectives over the whole life cycle of a business process. The extension of existing BPM methodologies allows reducing the gap between IT security and business activities using a combined business driven top down approach.
Relation to research on hand: The paper is a first step toward considering
security aspects in BPM. Although it did not offer a complete solution, it
gave a roadmap and a first theoretical idea of how to integrate security
aspects in BPM. The main contribution could be the idea of considering
security aspects early, during strategic planning, and the paper showed how
important that is.