A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes

Jaya Bhattacharjee; Anirban Sengupta; Chandan Mazumdar

doi:10.5220/0005739703880399

A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes

Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar

2016

Abstract

Business processes help to realize the business objectives of an enterprise. Security breach of business processes may lead to un-fulfillment of objectives, loss of revenue, and possible shutdown of the corresponding business venture. Hence, it is important to ensure that the security properties of critical business processes are protected from attacks and failures. Effective protection mechanisms can be designed only after identifying security risks to business processes. However, existing methodologies mostly focus on the detection of risks to individual hardware, software, network and information assets. They do not cater to risks that are specific to business processes. This paper attempts to address this gap in research by describing a technique for identifying the components of a business process and quantitatively assessing their security risks.

Download

Paper Citation

in Harvard Style

Bhattacharjee J., Sengupta A. and Mazumdar C. (2016). A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 388-399. DOI: 10.5220/0005739703880399

in Bibtex Style

@conference{icissp16,
author={Jaya Bhattacharjee and Anirban Sengupta and Chandan Mazumdar},
title={A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={388-399},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005739703880399},
isbn={978-989-758-167-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Quantitative Methodology for Security Risk Assessment of Enterprise Business Processes
SN - 978-989-758-167-0
AU - Bhattacharjee J.
AU - Sengupta A.
AU - Mazumdar C.
PY - 2016
SP - 388
EP - 399
DO - 10.5220/0005739703880399