Information security risk management (ISRM) heavily depends on realistic impact values representing the resources' importance in the overall organizational context. Although a variety of ISRM approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can business processes be used to determine resources' importance in the overall organizational context? We answer this question by measuring the actual importance level of resources based on business processes. Therefore, this paper presents our novel business process-based resource importance determination method which provides ISRM with an efficient and powerful tool for deriving realistic resource importance figures solely from existing business processes. The conducted evaluation has shown that the calculation results of the developed method comply to the results gained in traditional workshop-based assessments. © 2009 Springer Berlin Heidelberg Static process analysis.
CITATION STYLE
Fenz, S., Ekelhart, A., & Neubauer, T. (2009). Business Process-Based Resource Importance Determination. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5701 LNCS, pp. 113–127). https://doi.org/10.1007/978-3-642-03848-8_9
Mendeley helps you to discover research relevant for your work.