Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security
Agnes Åkerlund, Christine Große
2020
Abstract
This article explores the question of how to measure information security. Organisational information security is difficult to evaluate in this complex area because it includes numerous factors. The human factor has been acknowledged as one of the most challenging factors to consider in the field of information security. This study models the application of data envelopment analysis to business processes in order to facilitate the evaluation of information security that includes human factors. In addition to the model, this study demonstrates that data envelopment analysis provides an efficiency measure to assess the information security level of a business process. The novel approach that is proposed in this paper is exemplified with the aid of three fictive processes. The Business Process Model and Notation has been used to map the processes because it facilitates the visualisation of human interactions in processes and the form of the processed information. The combination of data envelopment analysis with process modelling and analyses of process deficiencies and threats to information security enables the evaluation of information security to include human factors in the analyses. Moreover, it provides a measure to benchmark information security in organisational processes.
DownloadPaper Citation
in Harvard Style
Åkerlund A. and Große C. (2020). Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 281-288. DOI: 10.5220/0008875802810288
in Bibtex Style
@conference{icissp20,
author={Agnes Åkerlund and Christine Große},
title={Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2020},
pages={281-288},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008875802810288},
isbn={978-989-758-399-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Integration of Data Envelopment Analysis in Business Process Models: A Novel Approach to Measure Information Security
SN - 978-989-758-399-5
AU - Åkerlund A.
AU - Große C.
PY - 2020
SP - 281
EP - 288
DO - 10.5220/0008875802810288