Needs of Service Identification for Service-Oriented Business Process Management

Since the trend of adopting SOA into enterprise applications, the needs for definition and identification of services have been recognized. There is a growing body of research carried out on the identification of different types of services. Identifying right granularity services is important: if the service is of large size, it goes against the reusability principle of SOA, whereas if the service is of small size, then it causes unnecessary computing power for implementing any business functions. Without a formal (semi)- automatic approach to identify services, it is difficult in migrating existing systems into service-oriented systems. This paper explores the need for service identification for service-oriented business process management systems. The current approaches, techniques and methods of service identification are reviewed, and limitations of the each approach is analysed. New requirements and techniques are demonstrated in creating improved dynamic services with consideration for interoperability, modularity, reusability within information environment

Розробка моделі впровадження бізнес-процесів у готельному господарстві

Запропонована модель впровадження та використання сервісно-орієнтованої системи управління бізнес-процесами підприємств готельного господарства, яка дозволяє реалізувати автоматизовані дії та надає можливість систематично та ефективно використовувати існуючі ресурси.The model of the introduction and using of service-oriented business process management enterprises of hotel industry, which allows realizing automatic operation and provides an opportunity to systematically and effectively use current resources is offered

OPBUS: Risk-aware framework for the conformance of security-quality requirements in business processes

Several reports indicate that one of the most important business priorities is the improvement of business and IT management. Nowadays, business processes and in general service-based ones use other external services which are not under their jurisdiction. Organizations do not usually consider their exposition to security risks when business processes cross organizational boundaries. In this paper, we propose a risk aware framework for security-quality requirements in business processes management. This framework is focused on the inclusion of security issues from design to execution. The framework provides innovative mechanisms based on model-based diagnosis and constraint programming in order to carry out the risk assessment of business processes and the automatic check of the conformance of security requirements.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia y Tecnología TIN2009-1371

A Security Pattern-Driven Approach toward the Automation of Risk Treatment in Business Processes

Risk management has become an essential mechanism for business and security analysts, since it enable the identification, evalu ation and treatment of any threats, vulnerabilities, and risks to which organizations maybe be exposed. In this paper, we discuss the need to provide a standard representation of security countermeasures in order to automate the selection of countermeasures for business processes. The main contribution lies in the specification of security pattern as standard representation for countermeasures. Classical security pattern structure is extended to incorporate new features that enable the automatic selec tion of security patterns. Furthermore, a prototype has been developed which support the specification of security patterns in a graphical way.Junta de Andalucía P08-TIC-04095Ministerio de Educación y Ciencia TIN2009-1371

A Model-Driven Engineering approach with Diagnosis of Non-Conformance of Security Objectives in Business Process Models

Several reports indicate that the highest business priorities include: business improvement, security, and IT management. The importance of security and risk management is gaining that even government statements in some cases have imposed the inclusion of security and risk management within business management. Risk assessment has become an essential mechanism for business security analysts, since it allows the identification and evaluation of any threats, vulnerabilities, and risks to which organizations maybe be exposed. In this work, a framework based on the concepts of Model-Driven Development has been proposed. The framework provides different stages which range from a high abstraction level to an executable level. The main contribution lie in the presentation of an extension of a business process meta-model which includes risk information based on standard approaches. The meta-model provides necessary characteristics for the risk assessment of business process models at an abstract level of the approach. The framework has been equipped with specific stages for the automatic validation of business processes using model-based diagnosis which permits the detection of the non-conformance of security objectives specified. The validation stages ensure that business processes are correct with regard to the objectives specified by the customer before they are transformed into executable processes.Junta de Andalucía P08-TIC-04095Ministerio de Ciencia e Innovación TIN2009-1371

Rfid-based business process and workflow management in healthcare:design and implementation

The healthcare system in the United States is considered one of the most complex systems and has encountered challenges related to patient safety concerns, escalating costs, and unpredictable outcomes. Many of these problems share a common cause - a lack of efficient business process management and visibility into the real-time location, status, and condition of medical resources. The goal of this research is to propose a newly integrated system to model, automate, and monitor healthcare business processes using an automatic data collection technology to record the timing and location of activities and identify their various resources. This dissertation makes several contributions to the design and implementation of RFID-based business process and workflow management in healthcare. First, I propose a road map to implement RFID in hospitals with performance matrixes for technology evaluation, key criteria for resolution level setting, and business rules for information extraction. Second, RFID-based business process management (BPM) concepts and workflow technologies are used to transform the reprocessing procedures in a Sterile Processing Department (SPD) for the purpose of reducing infections caused by unclean reusable medical equipment. In the proposed pattern for healthcare business process management, the importance of execution status control is emphasized as a key component to handle complex and dynamic healthcare processes. A five-level framework for service-oriented business process management is designed for SPDs to share information, integrate distributed systems, and manage heterogeneous resources among multiple stakeholders. This research proposes a healthcare workflow system as a deliverable solution to manage the execution phase of reprocessing procedures, which supports the design, execution, monitoring, and automation of services supplied in SPDs. RFID techniques are adopted to collect relative real-time data for SPD performance management. Finally, by identifying key architectural requirements, the subsystems of a service-oriented architecture for the SPD workflow prototyping system, SPDFLOW, are discussed in detail. This research is the first attempt to explore healthcare workflow technologies in the SPD domain to improve the quality of reusable medical equipment and ensure patient safety

A Performance Assessment System incorporating indirect indicators and semantics

Measuring performance is key to reengineering and optimization of business processes. Although many of them cannot easilybe measured due to their quantitative or non-deterministic nature, most performance measurement systems rely on the usageof numeric parameters (Key Performance Indicators, KPIs). So, performance problems stay invisible that could be assessedby other indirect indicators like goals, complexity, maturity, relations or dependencies. In this paper, a Four-Box-Model ispresented that also includes internal process views, descriptive approaches and semantics in addition to KPIs. It offers a broadrange of possibilities to better identify performance problems and hence, to increase process performance

Developing System Security through Business Process Modelling

Äriprotsesside arusaam ja modelleerimine on üks olulisematest aspektidesttänapäevases süsteemiarenduses. Infosüsteemide modeleerimiseks on loodud erinevaid käsitlusi ning äriprotsesside modeleerimisnotatsioon on üks nendest. On teada, et BPMN aitab äriprotsesse kirjeldada, modelleerida ja optimeerida. Keerulisem on mõista kuidas saab selle käsitluse raames juhtida äriprotsesside turvalisust ning analüüüsida infosüsteemi turvariske. See aspekt muutub kaasaegsetes infosüsteemides veel komplitseeritumaks, kuna turvatud süsteemi loomiseks peavad nii äriprotsessid kui ka selle turvalisuse küsimused olema vaadeldud parallellselt, see tähendab koostoimes. Käesoleva uurimistöö eesmärgiks on analüüsida BPMN ja infosüsteemi turvariskide juhtimise vastastikkust koosmõju. BPMN’i võtmeaspektide väljaselgitamiseks ja antud modelleerimissüsteemi turvanäitajate, riskide ja riskide juhtimise mõistmiseks on antud töös kasutatud struktureeritud lähenemist. Töös uuritakse kuidas modelleerija saab BPMN’i abil väljastada turvatud süsteemi komponente, riske või riskide juhtimist. Töös ühtlustatakse BPMN keele põhikonstruktsioonid ISSRM mudeli kontseptiga. Antud uurimistöös on BPMN-i käsitluse rakendausvõimalusi vaadeldud ühe internetikaupluse näitel. Meie uurimistöö pakkub infosüsteemi analüütikule või arhitektile võimalust mõista äriprotsesse ja turvakomponente ühe modelleerimiskeele abil. Analüüs on tehtud ainult esimese keele, Descriptive modelling, tasemel. Sellega avatakse uurijale võimalus tuua paralelle erinevate modeleerimiskeelte vahel, et uurida mustreid ISSRM perekonda kuuluvate mudelite loomises.Business process modelling is one of the major aspects in the modern system development. Recently business process model and notation (BPMN) has become a standard technique to support this activity. Although BPMN is a good approach to understand business processes, there is a limited work to understand how it could deal with business security and security risk management. This is a problem, since both business processes and security concerns should be understood in parallel to support a development of the secure systems. In this paper we analyse BPMN with respect to the domain model of the IS security risk management (ISSRM). We apply a structured approach to understand key aspects of BPMN and how modeller could express secure assets, risks and risk treatment using BPMN. We align the main BPMN constructs with the key concepts of the ISSRM domain model. We show applicability of our approach on a running example related to the Internet store. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. In addition we open a possibility for the business and security model interoperability and the model transformation between several modelling approaches (if these both are aligned to the ISSRM domain model)