Information Security Assurance Model for Collaborating Business Processes

摘要

The objective of the paper is to propose an information security assurance model for collaborating business processes. The business processes have to handle sensitive information that may be in structured or unstructured forms which could be leaked by security flaws in business transactions. A mathematical model of a risk based enhanced security for business processes is proposed with suitable metrics while integrating the structured and/or unstructured information for business continuity. The structured and unstructured information assets in various electronic documents within the business processes may change periodically with respect to their type, value and context. In the earlier information security incidents, the dynamic activation of appropriate safeguards, prevention and recovery from risks due to unstructured information were not considered. The expected business continuity (EBC) in terms of business importance and attack security index is proposed from the standards towards the security compliances.