Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security

Cherdantseva, Yulia 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
Item availability restricted.

[img]
Preview
PDF - Accepted Post-Print Version
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (37MB) | Preview
[img] PDF - Supplemental Material
Restricted to Repository staff only

Download (5MB)

Abstract

The main contribution of this thesis is Secure*BPMN, a graphical security modelling extension for the de-facto industry standard business process modelling language BPMN 2.0.1. Secure*BPMN enables a cognitively effective representation of security concerns in business process models. It facilitates the engagement of experts with different backgrounds, including non-security and nontechnical experts, in the discussion of security concerns and in security decision-making. The strength and novelty of Secure*BPMN lie in its comprehensive semantics based on a Reference Model of Information Assurance & Security (RMIAS) and in its cognitively effective syntax. The RMIAS, which was developed in this project, is a synthesis of the existing knowledge of the Information Assurance & Security domain. The RMIAS helps to build an agreed-upon understanding of Information Assurance & Security, which experts with different backgrounds require before they may proceed with the discussion of security issues. The development process of the RMIAS, which was made explicit, and the multiphase evaluation carried out confirmed the completeness and accuracy of the RMIAS, and its suitability as a foundation for the semantics of Secure*BPMN. The RMIAS, which has multiple implications for research, education and practice is a secondary contribution of this thesis, and is a contribution to the Information Assurance & Security domain in its own right. The syntax of Secure*BPMN complies with the BPMN extensibility rules and with the scientific principles of cognitively effective notation design. The analytical and empirical evaluations corroborated the ontological completeness, cognitive effectiveness, ease of use and usefulness of Secure*BPMN. It was verified that Secure*BPMN has a potential to be adopted in practice.

Item Type: Thesis (PhD)
Status: Unpublished
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Uncontrolled Keywords: Information Security, Information Assurance, Reference Model, Conceptual Model, Security Knowledge Representation, Reference Model Evaluation, Business Process Modelling Language, BPMN, Graphical Extension, BPMN Extension Evaluation
Last Modified: 04 Jun 2017 08:13
URI: http://orca.cf.ac.uk/id/eprint/74432

Actions (repository staff only)

Edit Item Edit Item

Full Text Downloads from ORCA for this publication

Top Downloads of this item by Country

Monthly Full Text Downloads of this item

More statistics for this item...