Talks and Poster Presentations (with Proceedings-Entry):

S. Fenz, A. Ekelhart, T. Neubauer:
"Business Process-based Resource Importance Determination";
Talk: 7th International Conference on Business Process Management (BPM'2009), Ulm, Germany; 2009-09-08 - 2009-09-10; in: "Proceedings of the 7th International Conference on Business Process Management (BPM'2009)", Springer, Lecture Notes in Computer Science, Volume 5701 (2009), 113 - 127.

English abstract:
Information security risk management (ISRM) heavily depends on realistic impact values representing the resources´ importance in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources´ importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore, this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments.

"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)

Electronic version of the publication:

Related Projects:
Project Head A Min Tjoa:
Security Ontologies

Created from the Publication Database of the Vienna University of Technology.