A Formal Approach Towards Risk-Aware Service Level Analysis and Planning

Jakoubi, Stefan; Tjoa, Simon; Goluch, Sigrun; Kitzler, Gerhard

doi:10.1109/ares.2010.86

Cited by 8 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Risk-aware Business Process Management (R-BPM) paradigm has recently emerged, aiming to integrate the two traditionally separated fields of risk management and business process management [37,69]. R-BPM promotes risks consideration in all stages of BPM and enables robust and efficient BPM within an uncertain environment.…”

Section: The Research Domain Of R-bpmmentioning

confidence: 99%

“…The integration of risks on business process level is a research topic that has been investigated by several research groups and has introduced many challenges for Risk-aware Business Process Management (R-BPM), which is considered a new management paradigm [37,46,69,72]. Some of the most fundamental challenges relate to the decision of introducing either a pure modeling approach or a pure management approach for R-BPM [56].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Risk-aware business process management using multi-view modeling: method and tool

et al. 2021

View full text Add to dashboard Cite

Risk-aware Business Process Management (R-BPM) has been addressed in research since more than a decade. However, the integration of the two independent research streams is still ongoing with a lack of research focusing on the conceptual modeling perspective. Such an integration results in an increased meta-model complexity and a higher entry barrier for modelers in creating conceptual models and for addressees of the models in comprehending them. Multi-view modeling can reduce this complexity by providing multiple interdependent viewpoints that, all together, represent a complex system. Each viewpoint only covers those concepts that are necessary to separate the different concerns of stakeholders. However, adopting multi-view modeling discloses a number of challenges particularly related to managing consistency which is threatened by semantic and syntactic overlaps between the viewpoints. Moreover, usability and efficiency of multi-view modeling have never been systematically evaluated. This paper reports on the conceptualization, implementation, and empirical evaluation of e-BPRIM, a multi-view modeling extension of the Business Process-Risk Management-Integrated Method (BPRIM). The findings of our research contribute to theory by showing, that multi-view modeling outperforms diagram-oriented modeling by means of usability and efficiency of modeling, and quality of models. Moreover, the developed modeling tool is openly available, allowing its adoption and use in R-BPM practice. Eventually, the detailed presentation of the conceptualization serves as a blueprint for other researchers aiming to harness multi-view modeling.

show abstract

Section: The Research Domain Of R-bpmmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Risk-aware business process management using multi-view modeling: method and tool

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The first approach we evaluated was the Risk-Oriented Process Evaluation (ROPE) approach [Tjoa et al, 2008a;Tjoa et al, 2010;Tjoa et al, 2008b;Tjoa et al, 2011;Jakoubi et al, 2007;Jakoubi et al, 2010a;Jakoubi et al, 2010b;Jakoubi et al, 2009b;Jakoubi et al, 2008;Jakoubi and Tjoa, 2009;Goluch et al, 2008]. This approach proposes a three-layer model to capture the notion of "risk" within a business process model.…”

Section: Di01-jakoubi Et Almentioning

confidence: 99%

Current Research in Risk-aware Business Process Management―Overview, Comparison, and Gap Analysis

Suriadi

Weiß²,

Winkelmann³

et al. 2014

CAIS

View full text Add to dashboard Cite

The management of risk in business processes has been the subject of active research in the past few years. Potentially, many benefits can be obtained by integrating the two traditionally separated fields of risk management and business process management, including the ability to minimize risks in business processes by design and to mitigate such risks at run time. While there has been an increasing amount of research aimed at delivering such an integrated system, these research efforts vary in terms of scope, goals, and functionality. Through the systematic collection and evaluation of relevant literature, this article compares and classifies current approaches in the area of risk-aware business process management in order to expose and explain current research gaps. The process through which relevant literature was collected, filtered, and evaluated is also detailed. Finally, a research agenda is proposed.

show abstract

“…On this topic, this research focuses on the understanding of three key technological trends that define the external scenario. Related to the first, IT infrastructure outsourcing, a decision support framework based on security risks can help define whether or not to outsource some system (Khidzir, et al, 2010), while security models can also help monitor external providers (Jakoubi, et al, 2010). The second, cloud computing, drives the creation of different security risk analysis models (Zhang, et al, 2010), (Müller, et al, 2011).…”

Section: Development Of Secure Information Systemsmentioning

confidence: 99%

“…• Validate risks with provider (CSA, 2009), (CPNI, 2010) • Extend awareness programs (Corriss, 2010) • Isolate work environments • Provide secure remote access • Have backups to SLAs (Jakoubi, et al, 2010) • Obtain information from provider (CSA, 2009), (CPNI, 2010) • Consider service vulnerabilities • Focus on processes and people (Lacey, 2010) • Consider third party devices • Consider remote work environment • Consider provider environment…”

Section: Checkpoints External Scenariomentioning

confidence: 99%

Maintaining Information Security in the New Technological Scenario

Malandrin

Carvalho

2013

PAJAIS

View full text Add to dashboard Cite

The technological scenario always played a critical role in Information Security. However, in recent years, this scenario has changed substantially, in ways not known so far. Characterized by different technological trends, like IT infrastructure outsourcing, cloud computing and mobility, this scenario created several new security challenges. The usual approach to deal with change in Information Security Management Systems (ISMS) is to execute a risk assessment review and to deploy new security controls. However, because of the disruptive nature of the technological scenario, that is not enough-new ways to plan the ISMS itself seem to be required. In this paper, these needed changed are identified and detailed, using ISO/IEC 27001 as a key reference. Based on risks mapped in the literature for key technological trends, checkpoints were created and inserted into the basic processes for important ISMS planning activities. The result is a support framework designed specifically for Security Policy definition and Risk Management. By modifying the usual process for each activity, the framework drives the creation of a security culture based on the awareness of the external scenario new risks. Applicability tests executed in a medium-sized organization showed that the framework can be easily plugged into real world situations. The main contribution of this research is the definition of new tool to help security practitioners better cope with the security challenges created by a disruptive technological scenario.

show abstract

A Formal Approach Towards Risk-Aware Service Level Analysis and Planning

Cited by 8 publications

References 3 publications

Risk-aware business process management using multi-view modeling: method and tool

Risk-aware business process management using multi-view modeling: method and tool

Current Research in Risk-aware Business Process Management―Overview, Comparison, and Gap Analysis

Maintaining Information Security in the New Technological Scenario

Contact Info

Product

Resources

About