A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes

摘要

Business processes help to realize the business objectives of an enterprise. Security breach of business processes may lead to un-fulfillment of objectives, loss of revenue, and possible shutdown of the corresponding business venture. Hence, it is important to ensure that the security properties of critical business processes are protected from attacks and failures. Effective protection mechanisms can be designed only after identifying security risks to business processes. However, existing methodologies mostly focus on the detection of risks to individual hardware, software, network and information assets. They do not cater to risks that are specific to business processes. This paper attempts to address this gap in research by describing a technique for identifying the components of a business process and quantitatively assessing their security risks.