A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models
Several reports indicate that the highest business
priorities include: business improvement, security, and IT management.
The importance of security and risk management is
growing to the point that even government statements have in some cases
imposed the inclusion of security and risk management within
business management. Risk assessment has become an essential
mechanism for business security analysts, since it allows the
identification and evaluation of any threats, vulnerabilities, and
risks to which organizations may be exposed. In this work, a
framework based on the concepts of Model-Driven Development
has been proposed. The framework provides different stages
which range from a high abstraction level to an executable level.
The main contribution lies in the presentation of an extension of
a business process meta-model which includes risk information
based on standard approaches. The meta-model provides necessary
characteristics for the risk assessment of business process
models at an abstract level of the approach. The framework has
been equipped with specific stages for the automatic validation of
business processes using model-based diagnosis which permits the
detection of the non-conformance of security objectives specified.
The validation stages ensure that business processes are correct
with regard to the objectives specified by the customer before
they are transformed into executable processes.
Junta de Andalucía P08-TIC-04095; Ministerio de Ciencia e Innovación TIN2009-1371
The Need for Compliance Verification in Collaborative Business Processes
Compliance constrains processes to adhere to rules, standards, laws
and regulations. Non-compliance subjects enterprises to litigation and financial
fines. Collaborative business processes cross organizational and regional
borders implying that internal and cross regional regulations must be complied
with. To protect customers’ data, European enterprises must comply with the EU
data privacy regulation (general data protection regulation - GDPR) and each
member state’s data protection laws. An example of non-compliance with
GDPR is Facebook, which is accused of breaching subscriber trust. Compliance
verification is thus essential to deploy and implement collaborative business
process systems. It ensures that processes are checked for conformance to
compliance requirements throughout their life cycle. In this paper we take a
proactive approach aiming to discuss the need for design-time preventative
compliance verification as opposed to an after-effect runtime detective approach.
We use a real-world case to show how compliance needs to be analyzed and
show the benefits of applying compliance check at the process design stag
A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes
Risk management has become an essential mechanism for
business and security analysts, since it enables the identification, evaluation and treatment of any threats, vulnerabilities, and risks to which
organizations may be exposed. In this paper, we discuss the need to
provide a standard representation of security countermeasures in order
to automate the selection of countermeasures for business processes. The
main contribution lies in the specification of security patterns as a standard
representation for countermeasures. The classical security pattern structure
is extended to incorporate new features that enable the automatic selection of security patterns. Furthermore, a prototype has been developed
which supports the specification of security patterns in a graphical way.
Junta de Andalucía P08-TIC-04095; Ministerio de Educación y Ciencia TIN2009-1371
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
- …