To read the full version of this content please select one of the options below:

The use of business process modelling in information systems security analysis and design

S.A. Kokolakis (Department of Informatics, Athens University of Economics and Business, Athens, Greece)
A.J. Demopoulos (Department of Informatics, Athens University of Economics and Business, Athens, Greece)
E.A. Kiountouzis (Department of Informatics, Athens University of Economics and Business, Athens, Greece)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 1 August 2000

Abstract

The increasing reliance of organisations on information systems connected to or extending over open data networks has established information security as a critical success factor for modern organisations. Risk analysis appears to be the predominant methodology for the introduction of security in information systems (IS). However, risk analysis is based on a very simple model of IS as consisting of assets, mainly data, hardware and software, which are vulnerable to various threats. Thus, risk analysis cannot provide for an understanding of the organisational environment in which IS operate. We believe that a comprehensive methodology for information systems security analysis and design (IS‐SAD) should incorporate both risk analysis and organisational analysis, based on business process modelling (BPM) techniques. This paper examines the possible contribution of BPM techniques to IS‐SAD and identifies the conceptual and methodological requirements for a technique to be used in this context. Based on these requirements, several BPM techniques have been reviewed. The review reveals the need for either adapting and combining current techniques or developing new, specialised ones.

Keywords

Citation

Kokolakis, S.A., Demopoulos, A.J. and Kiountouzis, E.A. (2000), "The use of business process modelling in information systems security analysis and design", Information Management & Computer Security, Vol. 8 No. 3, pp. 107-116. https://doi.org/10.1108/09685220010339192

Publisher

:

MCB UP Ltd

Copyright © 2000, MCB UP Limited