MODELLING E-BUSINESS SECURITY USING BUSINESS PROCESSES

S. Nachtigal, C. J. Mitchell

Abstract

Organisations (enterprises, businesses, government institutions, etc.) have changed their way of doing business from a traditional approach to embrace e-business processes. This change makes the perimeter security approach inappropriate for such organisations. The well-known and widely used security mechanisms, including cryptography-based tools and techniques, cannot provide a sufficient level of security without being a part of a comprehensive organisational approach/philosophy. This approach must be different from the current dominant approach, i.e. perimeter security, and must focus on different organisational components. In this paper we suggest a process security approach, and describe ongoing research with the aim of developing an e-business security model based on this new, process security, approach.



Paper Citation


in Harvard Style

Nachtigal S. and Mitchell C. J. (2006). MODELLING E-BUSINESS SECURITY USING BUSINESS PROCESSES. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 459-464. DOI: 10.5220/0002103404590464


in Bibtex Style

@conference{secrypt06,
author={S. Nachtigal and C. J. Mitchell},
title={MODELLING E-BUSINESS SECURITY USING BUSINESS PROCESSES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={459-464},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002103404590464},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - MODELLING E-BUSINESS SECURITY USING BUSINESS PROCESSES
SN - 978-972-8865-63-4
AU - Nachtigal S.
AU - Mitchell C. J.
PY - 2006
SP - 459
EP - 464
DO - 10.5220/0002103404590464