Integration of an Ontological Information Security Concept in Risk Aware Business Process Management

G. Goluch, A. Ekelhart,S. Fenz, S. Jakoubi, T. Mück:
"Integration of an Ontological Information Security Concept in Risk Aware Business Process Management";
Vortrag: 41th Hawaii International Conference on System Sciences (HICSS'08), Waikoloa, hawaii; 07.01.2008 - 10.01.2008; in:"Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences", IEEE Computer Society, (2008), ISSN: 1530-1605; S. 377 - 385.

[ Publication Database ]


priately counteract occurring threats has increasingly become a crucial success factor. Traditional business process management provides concepts for the economical optimization of processes, while risk management focuses on the design of robust business processes. While aiming at the same goal, namely the improve- ment of business, the approaches how to reach this vary, due to a different understanding of improvement. Following this, op- timizing recommendations of business process management and risk management may be contradictory. Therefore, we proposed a unified method, integrating both points of views to enable risk-aware business process management and optimization. In this paper, we briefly describe the ROPE (Risk-Oriented Process Evaluation) methodology and the Security Ontology concept, which provides a solid knowledge base for an applicable and holistic company specific IT security approach. This heavy-weight ontology provides structured knowledge regarding the relations between threats, safeguards, and assets, which are crucial for modeling processes in ROPE. We show how the integration of the Security Ontology's knowledge base enhances the applicability of the ROPE methodology leading to improved risk-aware business process management.