Research Article
Modelling Quality of Protection in Outsourced Business Processes
@INPROCEEDINGS{10.1109/IAS.2007.70, author={Fabio Massacci and Artsiom Yautsiukhin}, title={Modelling Quality of Protection in Outsourced Business Processes}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Appraisal Buildings Companies Concrete Data security Information security Outsourcing Protection Service oriented architecture Technology management}, doi={10.1109/IAS.2007.70} }- Fabio Massacci
Artsiom Yautsiukhin
Year: 2007
Modelling Quality of Protection in Outsourced Business Processes
IAS
IEEE
DOI: 10.1109/IAS.2007.70
Abstract
There is a large number of research papers and standards dedicated to security for outsourced data. Yet, most papers propose new controls to access and protect the data rather than to assess the level of assurance of the whole process that is currently deployed. The main contributions of the paper is an approach for aggregating security properties of individual tasks of a complex business process in order to receive the level of assurance provided by the whole process. The approach takes into account the fact that some tasks of a business process may be outsourced and thus account for not very reliable partners. The approach chooses the concrete business process offering the highest assurance among several possible design alternatives by building an optimal hyper-path traversing the business process.