Business Security Design Improvement Using Digitization

In this simulation study, the facilities were not crowded. The reading environment in these businesses was also observed to be promising in such a way that they were marked by good lighting, minimal noise, and adequate ventilation. Another physical aspect concerned the stock of books. In particular, the businesses displayed a state of variety whereby these books were arranged based on the broad and specific subjects to which they belonged. The use of technology was another dominant feature in the three businesses and this trend can be linked to the pressure towards keeping abreast with changing technologies and the evolution of business user demands in these institutions. Apart from the availability of books in physical form, sections of the copies were available in the soft copy and this feature was pronounced in the case of the high business center. The businesses were also different in terms of the overall physical sizes but this attribute could be attributed to the differences in the expected number of users. For example, the middle school and high school businesses were larger compared to the elementary business center visited but this outcome could be explained by the smaller number of business users in the selected elementary school. Hence, it can be inferred that the expected number of users dictates the overall and physical size of a business center

A 3-D security modeling platform for social IoT environments

Social Internet-of-Things (SIoT) environment comprises not only smart devices but also the humans who interact with these IoT devices. The benefits of such system are overshadowed due to the cyber security issues. A novel approach is required to understand the security implication under such a dynamic environment while taking both the social and technical aspects into consideration. This paper addressed such challenges and proposed a 3-D security modeling platform that can capture and model the security requirements in the SIoT environment. The modeling process is graphical notation based and works as a security extension to the Business Process Model and Notation. Still, it utilizes the latest 3-D game technology; thus, the security extensions are generated through the third dimension. Consequently, the introduction of security extensions will not increase the complexity of the original SIoT scenario, while keeping all the key information on the same platform. Together with the proposed security ontology, these comprehensive security notations created a unique platform that aims at addressing the ever complicated security issues in the SIoT environment

A 3D Security Modelling Platform for Social IoT Environments

Social IoT environment comprises not just smart devices, but also the humans to interact with these IoT devices. The benefits of such system are overshadowed by the issues of cyber security. A new approach is required for us to understand the security implication under such dynamic environment, while taking both the social and technical aspects into consideration. This paper proposed a 3D security modelling platform that can capture and model security requirements in Social IoT environment. The modelling process is graphical notation based, working as a security extension to Business Process Model and Notation. Still, it utilises the latest 3D game technology thus the security extensions are generated through the third dimension. In this way, the introduction of security extensions will not increase the complexity of the original SIoT scenario, while keeping all the key information in the same platform. Together with the security ontology we have proposed, these comprehensive security notations created a unique platform that aiming at addressing the ever complicated security issues in SIoT envorinment

Modellierung klinischer Prozesse und Compliance Regeln mittels BPMN 2.0 und eCRG

Die Kooperationen zwischen verschiedenen Organisationsbereichen verursachen eine Vielzahl an komplexen Strukturen und Prozessen in medizinischen Einrichtungen. Daher sind eindeutige und klar formulierte Strukturen und Prozesse für Kliniken essentiell. Sinnvoll ist es, die Prozesse mit einer standardisierten Prozessmodellierungssprache abzubilden. Die standardisierte Beschreibung von Prozessen verfolgt mehrere Zielsetzungen. Erstens bieten insbesondere grafische Prozessmodelle fachlichen Anwendern sowie Anwendungsentwicklern eine grafische Basis für die gemeinsame Kommunikation. Zweitens lassen sich Prozessdokumentationen zur ISO-Zertifizierung und damit zum Qualitätsmanagement nutzen. Die Bedeutung des Business Process Managements wird zur Risikominimierung der Geschäftsprozesse demnach weiterhin zunehmen. Drittens werden Prozesse definiert, um Gesetzen und Vorschriften im Rahmen des Compliance Managements Rechnung tragen zu können. Das Stichwort Compliance ist im klinischen Umfeld hochrelevant. Zur Einhaltung von Compliance werden Compliance Regeln definiert. Zum einen können Compliance Regeln unternehmensinterne Vorgaben (z.B. Qualitätsanforderungen, Hygienestandards) umfassen und zum anderen von externer Seite (z.B. Deutscher Corporate Governance Kodex, Basel II, Sarbanes-Oxley Act) vorgegeben werden. Unter Business Process Compliance wird der Ablauf von Geschäftsprozessen im Einklang mit eben solchen Compliance Regeln verstanden. Da ein Verstoß gegen gesetzliche Vorgaben, aber auch unternehmensinterne Bestimmungen, sowohl ein hohes wirtschaftliches Risiko birgt, als auch zu gravierenden Reputationsverlusten führen kann, ist die Einhaltung solcher Compliance Regeln in Kliniken von hoher Bedeutung. In dieser Masterarbeit wird daher die Dokumentation klinischer Prozesse durch die standardisierte Prozessmodellierungssprache Business Model and Notation 2.0 (BPMN 2.0) und die Bedeutung ableitbarer Compliance Regeln mittels extended Compliance Rule Graphs (eCRG) untersucht und bewertet. Dazu werden verschiedene klinische Prozesse der Ulmer Frauenklinik betrachtet, welche als Prozessdokumentationen im Rahmen einer Fallstudie von 1996 vorliegen. Diese klinischen Prozesse werden bisher durch eine objektorientierte Modellierung bzw. Ereignisprozessketten (EPK) visualisiert und analysiert. In dieser Masterarbeit werden sie auf den aktuellen Standard BPMN 2.0 übertragen. Dies basiert auf einer Ist-Analyse der Prozessdokumentationen. Welche außerdem zur Abbildung der Organisationsstruktur der Klinik und einer Einordnung der Prozesse in die Organisationsstruktur führt. Dabei werden die beteiligten Organisationsbereiche für die einzelnen klinischen Prozesse sichtbar. Die Prozessmodelle betreffen dabei Abläufe der Klinik wie z.B. den Ablauf einer Laboruntersuchung oder einer Operation bzw. einer ambulanten Chemotherapie oder radiologischen Untersuchung. Außerdem werden die in den Erläuterungstexten enthaltenen Compliance Regeln erfasst und mittels eCRG modelliert. Unter anderem wird erörtert, ob die Compliance Regeln mithilfe von eCRG ausreichend modellierbar sind. Daneben wird eine Evaluation der grafischen Modellierung vorgenommen

Abstraction, Visualization, and Evolution of Process Models

The increasing adoption of process orientation in companies and organizations has resulted in large process model collections. Each process model of such a collection may comprise dozens or hundreds of elements and captures various perspectives of a business process, i.e., organizational, functional, control, resource, or data perspective. Domain experts having only limited process modeling knowledge, however, hardly comprehend such large and complex process models. Therefore, they demand for a customized (i.e., personalized) view on business processes enabling them to optimize and evolve process models effectively. This thesis contributes the proView framework to systematically create and update process views (i.e., abstractions) on process models and business processes respectively. More precisely, process views abstract large process models by hiding or combining process information. As a result, they provide an abstracted, but personalized representation of process information to domain experts. In particular, updates of a process view are supported, which are then propagated to the related process model as well as associated process views. Thereby, up-to-dateness and consistency of all process views defined on any process model can be always ensured. Finally, proView preserves the behaviour and correctness of a process model. Process abstractions realized by views are still not sufficient to assist domain experts in comprehending and evolving process models. Thus, additional process visualizations are introduced that provide text-based, form-based, and hierarchical representations of process models. Particularly, these process visualizations allow for view-based process abstractions and updates as well. Finally, process interaction concepts are introduced enabling domain experts to create and evolve process models on touch-enabled devices. This facilitates the documentation of process models in workshops or while interviewing process participants at their workplace. Altogether, proView enables domain experts to interact with large and complex process models as well as to evolve them over time, based on process model abstractions, additional process visualizations, and process interaction concepts. The framework is implemented in a proof-ofconcept prototype and validated through experiments and case studies