Title Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models
Authors Varela-Vaca, Angel J., PARODY NÚÑEZ, MARÍA LUISA, Gasca, Rafael M., Gomez-Lopez, Maria T., PARODY NÚÑEZ, MARÍA LUISA
External publication No
Means IEEE Access
Scope Article
Nature Científica
JCR Quartile 1
SJR Quartile 1
JCR Impact 3.74500
Area International
Web https://www.scopus.com/inward/record.uri?eid=2-s2.0-85062950342&doi=10.1109%2fACCESS.2019.2901408&partnerID=40&md5=e18023d858b22ce5c9a60f977e73b627
Publication date 01/01/2019
ISI 000462088100001
Scopus Id 2-s2.0-85062950342
DOI 10.1109/ACCESS.2019.2901408
Abstract Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company's security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, a risk assessment method is proposed to enable the analysis and evaluation of a set of activities combined in a business process model to ascertain whether the model conforms to the security-risk objectives. To achieve this objective, we use a business process extension with security-risk information to: 1) define an algorithm to verify the level of risk of process models; 2) design an algorithm to diagnose the risk of the activities that fail to conform to the level of risk established in security-risk objectives; and 3) the implementation of a tool that supports the described proposal. In addition, a real case study is presented, and a set of scalability benchmarks of performance analysis is carried out in order to check the usefulness and suitability of automation of the algorithms.
Keywords Business process management business process model security-risk assessment model-based diagnosis constraint programming
Universidad Loyola members