Designing secure business processes from organisational goal models

Argyropoulos, Nikolaos

January 2018

Business processes are essential instruments used for the coordination of organisational activities in order to produce value in the form of products and services. Information security is an important non-functional characteristic of business processes due to the involvement of sensitive data exchanged between their participants. Therefore, potential security shortfalls can severely impact organisational reputation, customer trust and cause compliance issues. Nevertheless, despite its importance, security is often considered as a technical concern and treated as an afterthought during the design of information systems and the business processes which they support. The consideration of security during the early design stages of information systems is highly beneficial. Goal-oriented security requirements engineering approaches can contribute to the early elicitation of system requirements at a high level of abstraction and capture the organisational context and rationale behind design choices. Aligning such requirements with process activities at the operational level augments the traceability between system models of different abstraction levels and leads to more robust and context-aware operationalisations of security. Therefore, there needs to be a well-defined and verifiable interconnection between a system’s security requirements and its business process models. This work introduces a framework for the design of secure business process models. It uses security-oriented goal models as its starting point to capture a socio-technical view of the system to-be and its security requirements during its early design stages. Concept mappings and model transformation rules are also introduced as a structured way of extracting business process skeletons from such goal models, in order to facilitate the alignment between the two different levels of abstraction. The extracted business process skeletons, are refined to complete business process models through the use of a set of security patterns, which standardise proven solutions to recurring security problems. Finally, the framework also offers security verification capabilities of the produced process models through the introduction of security-related attributes and model checking algorithms. Evaluation of this work is performed: (i) through individual evaluation of its components via their application in real-life systems, (ii) a workshop-based modelling exercise where participants used and evaluated parts of the framework and (iii) a case study from the public administration domain where the overall framework was applied in cooperation with stakeholders of the studied system. The evaluation indicated that the developed framework provides a structured approach which supports stakeholders in designing and evaluating secure business process models.

Business Process Moedlling Based Computer-aided Software Functional Requirements Generation

Su, Mehmet Onur

01 January 2004

Problems of requirements which are identified in the earlier phase of a software development project can deeply affect the success of the project. Thus studies which aim to decrease these problems are crucial. Automation is foreseen to be one of the possible solutions for decreasing or removing some of the problems originating from requirements. This study focuses on the development and implementation of an automated tool that will generate requirements in natural language from business process models. In this study, The benefits of the tool are discussed, and the tool is compared with other software requirement s related tools with respect to their functionality. The developed tool has been tested within a large military project and the results of using the tool are presented.

QA Computer Software 76.75-76.765

An environmental management framework for DWAF related projects / Valerie du Plessis

Du Plessis, Valerie

January 2004

The purpose of this study is to revise the Department of Water Affairs and Forestry's (DWAF's) current Integrated Environmental Management (IEM) procedure and to develop an Environmental Management Framework (EMF), so as to ensure that the environment is considered in a structured, formal manner at each decision-making stage of the projects development business process. The proposed EMF provides process diagrams that align the IBM principles, the environmental assessment and management tools, and the engineering business process with the project life cycle approach for DWAF's water sector functional areas. Key decision-making points are introduced to the business process to ensure that all the specific requirements have been met before continuing to the next engineering stage of the business life cycle. Auditing nodes were identified within the life cycle approach and complement the decision-making points and strengthen the evaluation of environmental compliance and performance. These process diagrams is designed to prompt development planners and implementers to consider the environment at all stages of the business life cycle and practice sound environmental management. The EMF is based on international best practice and follows the Deming model philosophy as well as principles and elements of an environmental management system. The EMF must be an integral part in the way the department conduct its business and not seen as an ad hoc function and the duties of the environmental officer. To conclude, the EMF is the building block and interim management plan for an appropriate environmental management system in the future and the first step towards business excellence for the Department of Water Affairs and Forestry. / Thesis (M.Sc. (Geography and Environmental Studies))--North-West University, Potchefstroom Campus, 2005.

Environmental legislation

Strategic environmental management

Project life cycle

Engineering business process

Total quality management (TQM)

Water sector

An environmental management framework for DWAF related projects / Valerie du Plessis

Du Plessis, Valerie

January 2004

The purpose of this study is to revise the Department of Water Affairs and Forestry's (DWAF's) current Integrated Environmental Management (IEM) procedure and to develop an Environmental Management Framework (EMF), so as to ensure that the environment is considered in a structured, formal manner at each decision-making stage of the projects development business process. The proposed EMF provides process diagrams that align the IBM principles, the environmental assessment and management tools, and the engineering business process with the project life cycle approach for DWAF's water sector functional areas. Key decision-making points are introduced to the business process to ensure that all the specific requirements have been met before continuing to the next engineering stage of the business life cycle. Auditing nodes were identified within the life cycle approach and complement the decision-making points and strengthen the evaluation of environmental compliance and performance. These process diagrams is designed to prompt development planners and implementers to consider the environment at all stages of the business life cycle and practice sound environmental management. The EMF is based on international best practice and follows the Deming model philosophy as well as principles and elements of an environmental management system. The EMF must be an integral part in the way the department conduct its business and not seen as an ad hoc function and the duties of the environmental officer. To conclude, the EMF is the building block and interim management plan for an appropriate environmental management system in the future and the first step towards business excellence for the Department of Water Affairs and Forestry. / Thesis (M.Sc. (Geography and Environmental Studies))--North-West University, Potchefstroom Campus, 2005.

Environmental legislation

Strategic environmental management

Project life cycle

Engineering business process

Total quality management (TQM)

Water sector

Tagungsband zum 20. Interuniversitären Doktorandenseminar Wirtschaftsinformatik

Dinter, Barbara, Frenzel, Lisa, Gluchowski, Peter

25 January 2017

Das Interuniversitäre Doktorandenseminar Wirtschaftsinformatik ist eine regelmäßige Veranstaltung, in deren Rahmen Doktoranden der Universitäten Chemnitz, Dresden, Freiberg, Halle, Ilmenau, Jena und Leipzig ihr Promotionsprojekt präsentieren und sich den kritischen Fragen der anwesenden Professoren und Doktoranden aller beteiligten Universitäten stellen. Auf diese Weise erhalten die Promovierenden wertvolles Feedback zu Vorgehen, Methodik und inhaltlichen Aspekten ihrer Arbeit, welches sie für ihre Promotion nutzen können. Darüber hinaus bietet das Interuniversitäre Doktorandenseminar Wirtschaftsinformatik eine Plattform für eine fachliche Auseinandersetzung mit aktuellen Themen und sich ankündigenden Trends in der Forschung der Wirtschaftsinformatik. Zudem wird ein akademischer Diskurs über die Grenzen der jeweils eigenen Schwerpunkte der Professur hinaus ermöglicht. Das nunmehr 20. Jubiläum des Doktorandenseminars fand in Chemnitz statt. Der daraus entstandene Tagungsband enthält fünf ausgewählte Beiträge zu den Themenfeldern Service Engineering, Cloud-Computing, Geschäftsprozessmanagement, Requirements Engineering, Analytics und Datenqualität und zeigt damit anschaulich die Aktualität und Relevanz, aber auch die thematische Breite der gegenwärtigen Forschung im Bereich Wirtschaftsinformatik. / The inter-university PhD seminar Business Information Systems (“Interuniversitäres Doktorandenseminar Wirtschaftsinformatik”) is an annual one-day event which is organized by the Business Information Systems chairs of the universities of Chemnitz, Dresden, Freiberg, Halle, Ilmenau, Jena and Leipzig. It serves as a platform for PhD students to present their PhD topic and the current status of the thesis. Therefore, the seminar is a good opportunity to gain further knowledge and inspiration based on the feedback and questions of the participating professors and students. The 20th Interuniversitäre Doktorandenseminar Wirtschaftsinformatik took place in Chemnitz in October 2016. The resulting proceedings include five selected articles within the following topic areas: service engineering, cloud computing, business process management, requirements engineering, analytics und data quality. They illustrate the relevance as well as the broad range of topics in current business information systems research. In case of questions and comments, please use the contact details at the end of the articles.

info:eu-repo/classification/ddc/000

ddc:000

info:eu-repo/classification/ddc/330

ddc:330