Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/the-use-of-business-process-modelling-in-information-systems-security-PQWt0e0H0w
References (19)
-
Geary Rummler, A. Brache (1995)
Improving Performance: How To Manage the White Space on the Organization Chart. Second Edition. The Jossey-Bass Management Series. -
William Kettinger, J. Teng, Subashish Guha (1997)
Business Process Change: A Study of Methodologies, Techniques, and ToolsMIS Q., 21
-
A. Scherr (1993)
A New Approach to Business ProcessesIBM Syst. J., 32
-
J. Hitchings (1995)
Achieving an Integrated Design: The Way Forward for Information Security -
Peter Chen (1976)
The entity-relationship model—toward a unified view of dataACM Trans. Database Syst., 1
-
Mike Martin, J. Dobson (1990)
Enterprise Modeling and Security Policies -
Esa Auramäki, R. Hirschheim, K. Lyytinen (1992)
Modelling Offices Through Discourse Analysis: The SAMPO ApproachComput. J., 35
-
J. Dobson (1990)
A Methodology for Analysing Human and Computer-related Issues in Secure Systems -
R. Baskerville (1991)
Risk analysis: an interpretive feasibility tool in justifying information systems securityEuropean Journal of Information Systems, 1
-
B. Curtis, M. Kellner, J. Over (1992)
Process modelingCommun. ACM, 35
-
K. Badenhorst, J. Eloff (1989)
Framework of a methodology for the life cycle of computer security in an organizationComput. Secur., 8
-
D Appleton
Business reengineering with business rules -
Ken Lindup (1996)
The role of information security in corporate governanceComput. Secur., 15
-
J. Searle (1969)
Speech Acts: An Essay in the Philosophy of Language -
P. Checkland (1981)
Systems Thinking, Systems Practice -
J. Backhouse, G. Dhillon (1996)
Structures of responsibility and security of information systemsEuropean Journal of Information Systems, 5
-
P. Sommer (1991)
Computer security and information integrity: Klaus Dittrich, Seppo Rautakivi and Juhani Saari 0 444 88859 4 North-Holland, Amsterdam, The Netherlands Dfl 205.00Computer Fraud & Security Bulletin, 1991
-
10.1007/978-1-5041-2919-0_2
-
S. Hinde (1998)
Recent security surveysComput. Secur., 17
- Publisher
- Emerald Publishing
- Copyright
- Copyright © 2000 MCB UP Ltd. All rights reserved.
- ISSN
- 0968-5227
- DOI
- 10.1108/09685220010339192
- Publisher site
- See Article on Publisher Site
Abstract
The increasing reliance of organisations on information systems connected to or extending over open data networks has established information security as a critical success factor for modern organisations. Risk analysis appears to be the predominant methodology for the introduction of security in information systems (IS). However, risk analysis is based on a very simple model of IS as consisting of assets, mainly data, hardware and software, which are vulnerable to various threats. Thus, risk analysis cannot provide for an understanding of the organisational environment in which IS operate. We believe that a comprehensive methodology for information systems security analysis and design (IS-SAD) should incorporate both risk analysis and organisational analysis, based on business process modelling (BPM) techniques. This paper examines the possible contribution of BPM techniques to IS-SAD and identifies the conceptual and methodological requirements for a technique to be used in this context. Based on these requirements, several BPM techniques have been reviewed. The review reveals the need for either adapting and combining current techniques or developing new, specialised ones.
Journal
Information Management & Computer Security – Emerald Publishing
Published: Aug 1, 2000
Keywords: Modelling; Information systems; Computer security; Risk