
Authors: Panagiotis Dedousis 1 ; Melina Raptaki 1 ; George Stergiopoulos 2 and Dimitris Gritzalis 1

Affiliations: 1 Dept. of Informatics, Athens University of Economics & Business, Athens, Greece ; 2 Dept. of Information & Communication Systems Engineering, University of the Aegean, Samos, Greece

Keyword(s): Cybersecurity, Risk Assessment, Process Mining, Business Process Management, Dependency Risk Graphs.

Abstract: Cybersecurity Risk Assessment reports (RAs) on an organization’s information systems are fundamental to supporting its entire information security management. Proper assessments do not restrict their analysis only to tangible assets of an information system (e.g., servers, personal computers, databases) but also delve into the company’s day-to-day business flows that utilize its information system. Business processes, whether internal (i.e., payments) or external (i.e., paid services to customers or products), must also be analyzed in terms of impact and threat exposure, an approach often coined “process-based risk assessment.” Most modern ISO27000 methods and relevant tools include business flow models in their analysis, either as assets or as processes themselves. Process mining defines methods and techniques able to construct graphs that demonstrate the various business flows that are taking place in an information system. However, while process mining methods are of significant interest in general risk analysis, supply chain, and business restructuring, they seem to be neglected in cybersecurity risk assessments. In this paper, we propose an automated method for leveraging process mining to conduct faster and more thorough cybersecurity risk assessments. Our enhanced process mining creates graphs that incorporate weights from typical risk assessment methodologies and provide helpful information on risk and potential attack vectors on business-driven events by correlating and analyzing the steps of the business processes depicted in the graph to the assets used to complete each step. We evaluate our approach and proof-of-concept tool by modeling a real-world company’s business flows and incorporating them into a risk assessment model to detect and analyze potential attack sources and their respective impact on everyday business work.

CC BY-NC-ND 4.0


Paper citation in several formats:
Dedousis, P.; Raptaki, M.; Stergiopoulos, G. and Gritzalis, D. (2022). Towards an Automated Business Process Model Risk Assessment: A Process Mining Approach. In Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-590-6; ISSN 2184-7711, SciTePress, pages 35-46. DOI: 10.5220/0011135600003283

@conference{secrypt22,
author={Panagiotis Dedousis and Melina Raptaki and George Stergiopoulos and Dimitris Gritzalis},
title={Towards an Automated Business Process Model Risk Assessment: A Process Mining Approach},
booktitle={Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT},
year={2022},
pages={35-46},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011135600003283},
isbn={978-989-758-590-6},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 19th International Conference on Security and Cryptography - SECRYPT
TI - Towards an Automated Business Process Model Risk Assessment: A Process Mining Approach
SN - 978-989-758-590-6
IS - 2184-7711
AU - Dedousis, P.
AU - Raptaki, M.
AU - Stergiopoulos, G.
AU - Gritzalis, D.
PY - 2022
SP - 35
EP - 46
DO - 10.5220/0011135600003283
PB - SciTePress