Conference Paper

Insider Threat: Enhancing BPM through Social Media


Abstract

Modern business environments have a constant need to increase their productivity, reduce costs and offer competitive products and services. This can be achieved by modeling their business processes. Yet, even in light of modeling's widespread success, one can argue that it lacks built-in security mechanisms able to detect and fight threats that may manifest throughout the process. Academic research has proposed a variety of different solutions, which focus on different kinds of threat. In this paper we focus on the insider threat, i.e. insiders participating in an organization's business process who, depending on their motives, may cause severe harm to the organization. We examine existing security approaches to tackling the aforementioned threat in enterprise business processes. We discuss their pros and cons and propose a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media. It examines the online behavior of users and pinpoints potential insiders with critical roles in the organization's processes. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should only be allowed in exceptional cases, such as protecting critical infrastructures.


... A growing trend toward partnership and network development of a "network society" was observed. Interdependence and horizontal relations have grown in importance due to the influence of information technologies [51]. Moreover, networking skills become a meaningful factor for career success. ...
... Moreover, networking skills become a meaningful factor for career success. Social technologies have an impact on work planning and collaboration in BPM [51][52][53][54][55]. The research also noticed the effectiveness of cognitive technologies' application to social networks and building cognitive social structures [56]. ...
Article
Full-text available
The increasing role of emerging technologies, such as big data, the Internet of Things, artificial intelligence (AI), cognitive technologies, cloud computing, and mobile technologies, is essential to the business process manager profession’s sustainable development. Nevertheless, these technologies could involve new challenges in labor markets. The era of intelligent business process management (BPM) has begun, but how does it look in real labor markets? This paper examines the hypothesis that the transformation of the business process manager profession has been caused by certain determinants that involve the need for an improvement in BPM skills. The main contribution is a model of the dimensions of the impact of digital technologies on business process management supplemented with skills that influence the business process manager profession. The paper fills the gap in research on perspectives of the impact of digital technologies on business process management, considering both a literature analysis and labor market research. The purpose of the literature review was to identify the core dimensions that drive the use of emerging technologies in business process management. The labor market study was conducted in order to analyze the current demand for core skills of business process managers in the Polish labor market with a particular emphasis on the intelligent BPM concept. Additionally, to study the determinants that slow down the iBPM concept’s development, the digital intensity level of the enterprises and public administration units in Poland was studied. Finally, a fuzzy cognitive map presenting the core determinants of the business process manager profession’s transformation is described.
... In the paragraph below we concentrate on threats that could cause trouble in business. When dealing with social BPM we come across a very large set of actors from different organizations and with varying levels of BPM proficiency and domain knowledge [40]. Social BPM can only be successful if all actors who can make a meaningful contribution are motivated to invest their time and effort continuously and lastingly. ...
Conference Paper
Full-text available
Technologies and concepts of Web 2.0 are strongly present in everyday life and also in business environments, where they are increasingly involved into business activities which constitute business processes. Combining the management of Web 2.0 and business processes resulted in social BPM, which is one of the most promising fields in the software industry. Social BPM tries to create knowledge in business environments and manage it efficiently. In this contribution, some key features are presented. We particularly exposed strengths, weaknesses, opportunities and threats of social BPM.
Article
Full-text available
Insider threats are one of today’s most challenging cybersecurity issues and are not well addressed by commonly employed security solutions. In this work, we propose a structural taxonomy and a novel categorization of research that contribute to the organization and disambiguation of insider threat incidents and the defense solutions used against them. The objective of our categorization is to systematize knowledge in insider threat research while using an existing grounded theory method for rigorous literature review. The proposed categorization depicts the workflow among particular categories that include incidents and datasets, analysis of incidents, simulations, and defense solutions. Special attention is paid to the definitions and taxonomies of the insider threat; we present a structural taxonomy of insider threat incidents that is based on existing taxonomies and the 5W1H questions of the information gathering problem. Our survey will enhance researchers’ efforts in the domain of insider threat because it provides (1) a novel structural taxonomy that contributes to orthogonal classification of incidents and defining the scope of defense solutions employed against them, (2) an overview of publicly available datasets that can be used to test new detection solutions against other works, (3) references to existing case studies and frameworks modeling insiders’ behaviors for the purpose of reviewing defense solutions or extending their coverage, and (4) a discussion of existing trends and further research directions that can be used for reasoning in the insider threat domain.
Chapter
In today’s expansion of new technologies, innovation is found necessary for organizations to be up to date with the latest management trends. Although organizations are increasingly using new technologies, opportunities still exist to achieve the nowadays essential omnichannel management strategy. More precisely, social media are opening a path for benefiting more from an organization’s process orientation. However, social media strategies are still an under-investigated field, especially when it comes to the research of social media use for the management and improvement of business processes or the internal way of working in organizations. By classifying a variety of articles, this study explores the evolution of social media implementation within the BPM discipline. We also provide avenues for future research and strategic implications for practitioners to use social media more comprehensively.
Chapter
Organizations employ a suite of analytical models to solve complex decision problems in their respective domains. The current practice uses different simulation and modeling formalisms and subject matter experts to address parts of a larger problem. There is a realization that complex problems cannot be solved by employing a single analytical methodology and its supporting tools; rather, they require a combination of several such methods, all supplementing or complementing each other. We propose the use of multiformalism-based modeling and analysis to assist in evaluating performance of insider threat detection systems. The paper proposes a multimodeling test bed that allows integration of multiple modeling and analysis techniques that can digest and correlate different sources of data and provide insights on performance of insider threat detection systems. © Springer International Publishing AG 2018. All rights are reserved.
Article
Full-text available
Cyber security is vital to the success of today’s digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) What are the research trends in insider threat detection and prediction nowadays? 2) What are the challenges associated with insider threat detection and prediction? 3) What are the best-to-date insider threat detection and prediction algorithms? We conduct a systematic review of 37 articles published in peer-reviewed journals, conference proceedings and edited books for the period 1950–2015 to address the first two questions. Our survey suggests that the game theoretic approach (GTA) is a popular source of insider threat data; the insiders’ online activities are the most widely used features in insider threat detection and prediction; most of the papers use single point estimates of threat likelihood; and graph algorithms are the most widely used tools for detecting and predicting insider threats. The key challenges facing insider threat detection and prediction systems include unbounded patterns, uneven time lags between activities, data nonstationarity, individuality, collusion attacks, high false alarm rates, the class imbalance problem, undetected insider attacks, uncertainty, and the large number of free parameters in the model. To identify the best-to-date insider threat detection and prediction algorithms, our meta-analysis study excludes theoretical papers proposing conceptual algorithms from the 37 selected papers, resulting in the selection of 13 papers. We rank the insider threat detection and prediction algorithms presented in the 13 selected papers based on their theoretical merits and the transparency of information. To determine the significance of rank sums, we perform “the Friedman two-way analysis of variance by ranks” test and “multiple comparisons between groups or conditions” tests.
Conference Paper
SOA enables business processes (BPs) to be made available in the form of services. In today's world, a BP involves human social interactions as part of the business requirements. These interactions are performed through corporate tools running inside the organization, called "Enterprise Social Networking" (ESN). Business and IT people depend on these tools to reshape the organization's BPs as services. However, most of these tools are monolithic packages, whose embedded data business and IT people cannot utilize. In this paper, we define an approach to reengineer the ESN and extract new social-web services that are loosely coupled, discoverable and reusable by other SOA applications. This will enable organizations to provide social BPs as services to facilitate partners' and customers' collaboration and participation without replacing their legacy applications. This approach will be evaluated by a use case and, in future, by a prototype simulation.
Conference Paper
Business process modeling has helped modern enterprises cope with the constant need to increase their productivity, reduce costs and offer competitive products and services. Despite the widespread success of modeling and process management, one may argue that it lacks built-in security mechanisms able to detect and deter threats that may manifest throughout the process. To this end, a variety of different solutions have been proposed by researchers, focusing on different threat types. In this paper we examine the insider threat through business processes. Depending on their motives, insiders participating in an organization’s business process may manifest delinquently in a way that causes severe impact to the organization. We examine existing security approaches to tackling the aforementioned threat in enterprise business processes and propose a preliminary model for a monitoring approach that aims at mitigating the insider threat. This approach enhances business process monitoring tools with information evaluated from Social Media by examining the online behavior of users, and pinpoints potential insiders with critical roles in the organization’s processes. Also, this approach highlights the threat introduced in the processes operated by such users. We conclude with some observations on the monitoring results (i.e. psychometric evaluations from the social media analysis) concerning privacy violations and argue that deployment of such systems should be allowed solely in exceptional cases, such as protecting critical infrastructures or monitoring decision-making personnel.
Thesis
Full-text available
The continuous development of Information and Communication Technology (ICT) in the contemporary social landscape appears to constitute fertile ground for an open dialogue aimed at the systematic redefinition of the role of the artefacts of human ingenuity in relation to the social practices of acting persons. Starting from this observation, the way in which blogs, as a form of contemporary social networking medium, can be approached as quasi socio-technical systems is of particular interest. The aim of the thesis is the study of the Greek-speaking blogosphere through the recording of the communicative practices of Greek-speaking bloggers. The central thematic axes concern the collection of data related to the demographic characteristics of the bloggers, their communicative practices, the content of the blogs, the meanings/interpretations of the research participants, as well as the relations that connect their practices to other persons and functions. Through the proposed theoretical approach, an attempt is made to investigate the possibility of studying the field of blogs as quasi autopoietic socio-technical systems, which are not constituted (merely) by a multitude of interacting persons, but through the normalisation of communicative acts within the framework of a computationally steered interactive process. Bloggers are treated as persons/members of a socio-technical system, and the investigation and understanding of their practices can be carried out within the framework of systems for observing communicating acting subjects, in a process of forming the "inner world" of this system. The degree to which blogs constitute a socio-technical system through the production of semantically recognisable communicative acts is also examined.
To test the preceding positions, a combination of two methodological tools was applied: the use of an online questionnaire and the conduct of online interviews. The field research was carried out in the period from 25/10/2010 to 20/08/2011, with the participation of 672 bloggers in the questionnaire and the conduct of 25 interviews. A descriptive statistical analysis and presentation of the results was completed. In addition, eleven central thematic axes were formed from the content analysis of the interviews, through which an attempt was made to record the communicative practices, interpretations and meanings of the participants. In conclusion, the use of systemic thinking to approach blogs as quasi socio-technical systems that produce and reshape self-descriptions of the social system, through the use of social networking technologies, was presented for the first time in the field of the Greek scientific community. I believe that a possible further investigation of this theoretical perspective in relation to contemporary social networking media may in the future substantiate a contemporary theory of social networking media.
Conference Paper
Full-text available
Social media have widened society’s opportunities for communication, while they also offer ways to perform employee screening and profiling. Our goal in this paper is to develop an insider threat prediction method by evaluating a user’s personality trait of narcissism, which is deemed to be closely connected to the manifestation of malevolent insiders. We utilize graph theory tools in order to detect influence and usage deviation. Then, we categorize the users according to a proposed taxonomy. Thus, we detect individuals with narcissistic characteristics and manage to test groups of people under the prism of group homogeneity. Furthermore, we compare and classify users against larger sub-communities consisting of people of the same profession. The analysis is based on an extensive crawling of Greek users of Twitter. As the application of this method may lead to infringement of privacy rights, its use should be reserved for exceptional cases, such as the selection of security officers or of critical infrastructure decision-making staff.
Article
Full-text available
Business process modelling is one of the major aspects of modern information system development. Recently, Business Process Model and Notation (BPMN) has become a standard technique to support this activity. Typically, BPMN notations are used to understand an enterprise's business processes. However, limited work exists regarding how security concerns are addressed during the management of business processes. This is a problem, since both business processes and security should be understood in parallel to support the development of secure information systems. In previous work we analysed BPMN with respect to the domain model of IS security risk management (ISSRM) and showed how the language constructs could be aligned to the concepts of the ISSRM domain model. In this paper the authors propose BPMN extensions for security risk management based on the alignment of BPMN to the ISSRM concepts. We illustrate how the extended BPMN could express assets, risks and risk treatment in a few running examples related to an Internet store, regarding asset confidentiality, integrity and availability. Our proposal would allow system analysts to understand how to develop security requirements to secure important assets defined through business processes. The paper opens the possibility for business and security model interoperability and model transformation between several modelling approaches (if both are aligned to the ISSRM domain model).
Article
Full-text available
The protection of critical infrastructures (CI) is a complex task, since it involves the assessment of both internal and external security risk. In the recent literature, methodologies have been proposed that can be used to identify organisation-wise security threats, or even first-order dependency risk (i.e., risk deriving from direct dependencies). However, there is a lack of work in the area of multi-order dependencies, i.e., assessing the cumulative effects of a single incident, on infrastructures that are connected indirectly. In this paper, we propose a method to identify and assess multi-order dependencies. Based on previous work, we utilise existing first-order dependency graphs, in order to assess the effect of a disruption to consequent infrastructures. In this way, it may be possible to identify and prevent security threats of very high impact from a macroscopic view, which would be hard to identify if we only examine first-order dependencies. We also present a scenario, which provides some evidence on the applicability of the proposed approach.
Conference Paper
Full-text available
Organizations face growing risks from malicious or careless insiders. An insider threat may take many forms, including disgruntled workers, individuals under financial stress or intentional acts of espionage. Waiting for threats to manifest may leave an organization open to liability, hurt morale and in extreme cases lead to physical harm of others. However, predicting who may pose the greatest risk is challenging. Legal and economic concerns make direct psychological examinations challenging, while reliance upon supervisor or coworker assessments may lead to unfounded accusations. This research investigates the potential for active monitoring of electronic communications as a method that may identify problems early, allowing for proactive mitigation through coaching, assistance programs and where warranted, termination. Research has found correlations between word use and behavior. This research demonstrates that subtle but measurable differences in the frequency of common words found in electronic communication may provide clues about potential insider threat risks.
Article
Full-text available
Security and privacy are essential for business processes (BPs). In particular, BPs dealing with personally-identifiable information require mechanisms to give data owners control over their data. Currently, business-process-management systems (BPMSs) lack security features important for BPs in SOA. We propose a language sufficiently broad to formulate security constraints. In addition, we considerably ease how data owners can control their security, privacy and trust preferences at process runtime. The BPMS extensions we have implemented transform security-enhanced BPMN schemas into executable secure processes in a versatile manner.
Conference Paper
Full-text available
We present a general methodology for integrating arbitrary security requirements in the development of business processes in a both elegant and rigorous way. We show how trust relationships between different parties and their respective security goals can be reflected in a specification, which results in a realistic modeling of business processes in the presence of malicious adversaries. Special attention is given to the incorporation of cryptography in the development process with the main goal of achieving specifications that are sufficiently simple to be suited for formal verification, yet allow for a provably secure cryptographic implementation.
Article
Full-text available
'Logging User Actions in Relational Mode' (LUARM) is an open source audit engine for Linux. It provides a near real-time snapshot of a number of user action data such as file access, program execution and network endpoint user activities, all organized in easily searchable relational tables. LUARM attempts to solve two fundamental problems of the insider IT misuse domain. The first concerns the lack of insider misuse case data repositories that could be used by post-case forensic examiners to aid an incident investigation. The second problem relates to how information security researchers can enhance their ability to accurately specify insider threats at system level. This paper presents LUARM's design perspectives and a 'post mortem' case study of an insider IT misuse incident. The results show that the prototype audit engine has good potential to provide valuable insight into the way insider IT misuse incidents manifest on IT systems and can be a valuable complement for forensic investigators of IT misuse incidents.
Article
Full-text available
Business Processes are considered a crucial issue by many enterprises because they are the key to maintain competitiveness. Moreover, business processes are important for software developers, since they can capture from them the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. Security is important for business performance, but traditionally, it is considered after the business processes definition. Empirical studies show that, at the business process level, customers, end users, and business analysts are able to express their security needs. In this work, we will present a proposal aimed at integrating security requirements through business process modeling. We will summarize our Business Process Modeling Notation extension for modeling secure business process through Business Process Diagrams, and we will apply this approach to a typical health-care business process.
Conference Paper
BPM is a holistic management approach applied by organizations worldwide in different settings and scenarios to address the complex requirements of their stakeholders. In this paper an introduction to existing methodologies and tools for business process design is provided, and the BPMS paradigm is proposed as a generic life cycle approach for the application of meta-modelling platforms to address current and future challenges in different BPM-related settings. A categorization of best practices according to the application context is provided by presenting corresponding cases.
Technical Report
This report sets out the results of a small-scale research project commissioned by Acas examining the implications of social networking and mobile information and communications technologies (ICT) for employment relations. Social networking involves use of an online platform or website that enables people to communicate, usually for a social purpose, through a variety of services, most of which are web-based and offer opportunities for people to interact over the internet, e.g. via e-mail and ‘instant messaging’.
Conference Paper
Cloud computing is an emerging technology paradigm, enabling and facilitating the dynamic and versatile provision of computational resources and services. Even though the advantages offered by cloud computing are several, there still exist second thoughts on the security and privacy of the cloud services. Use of cloud services affects the security posture of organizations and critical infrastructures, therefore it is necessary that new threats and risks introduced by this new paradigm are clearly understood and mitigated. In this paper we focus on the insider threat in cloud computing, a topic which has not received research focus, as of now. We address the problem in a holistic way, differentiating between the two possible scenarios: a) defending against a malicious insider working for the cloud provider, and b) defending against an insider working for an organization which chooses to outsource parts or the whole IT infrastructure into the cloud. We identify the potential problems for each scenario and propose the appropriate countermeasures, in an effort to mitigate the problem.
Conference Paper
Addressing the insider threat is a major issue in cyber and corporate security, in order to enhance trusted computing in critical infrastructures. In this paper we study the psychosocial perspective and the implications of insider threat prediction via social media, Open Source Intelligence and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so, we employ a brief analysis of the medium (YouTube), machine learning techniques and a dictionary-based approach, in order to detect comments expressing a negative attitude. Thus, we can draw conclusions over a user's behavior and beliefs via the content the user generated within the limits of a social medium. We also use an assumption-free flat data representation technique in order to decide over the user's attitude and improve the scalability of our method. Furthermore, we compare the results of each method and highlight the common behavior and characteristics manifested by the users. As privacy violations may well arise when using such methods, their use should be restricted only to exceptional cases, e.g. when appointing security officers or decision-making staff in critical infrastructures.
Conference Paper
Insider threat is a major issue in cyber and corporate security. In this paper we study the psychosocial perspective of the insider via social media, Open Source Intelligence, and user generated content classification. Inductively, we propose a prediction method by evaluating the predisposition towards law enforcement and authorities, a personal psychosocial trait closely connected to the manifestation of malevolent insiders. We propose a methodology to detect users holding a negative attitude towards authorities. For doing so we employ machine learning techniques and a dictionary-based approach, so as to detect comments expressing a negative attitude. Thus, we can draw conclusions over a user's behavior and beliefs via the content the user generated within the limits of a social medium. We also use an assumption-free flat data representation technique in order to decide over the user's attitude. Furthermore, we compare the results of each method and highlight the common behavior manifested by the users. The demonstration is applied to a crawled community of users on YouTube.
Article
Modern enterprise systems have to comply with regulations such as Basel III, resulting in complex security requirements. These requirements need to be modeled at design-time and enforced at runtime. Moreover, modern enterprise systems are often business-process driven, i.e., the system behavior is described as high-level business processes that are executed by a business process execution engine. Consequently, there is a need for an integrated and tool-supported methodology that allows for specifying and enforcing compliance and security requirements for business process-driven enterprise systems. In this paper, we present a tool chain supporting both the design-time modeling and the run-time enforcement of security requirements for business process-driven systems.
Article
Electronic monitoring in the workplace has been the subject of relentless public criticism. Privacy advocates argue that technological advancements have given overbearing employers powerful tools to abuse employee dignity in the name of productivity and that new legislation should bolster workplace privacy rights. This iBrief contends that current U.S. legal doctrine governing electronic monitoring in the workplace is fair given the nature and purpose of the workplace, and potential employer liability for employee misconduct.
Article
With its 1985 Directive on Data Protection, the European Union highlighted its commitment to the constitutionalisation of European law and, in particular, underlined its vision of the individual European as a rights-bearing individual, empowered through ‘knowledge’ and thus advantaged in communicative processes of political/social/legal bargaining. As such, the move to a data protection regime founded upon notions of individual empowerment also mirrors a recent and fundamental re-alignment in the guiding principles of regulative labour law, which has seen the paradigm of ‘collective laissez-faire’ challenged, if not superseded, by a redirected emphasis upon the communicative empowerment of the individual employee rather than the representative function of employees’ representatives. Accordingly, it is less than surprising that the field of labour law has seen increasing demands placed upon the Commission to fulfil its promise in the preamble to the 1985 Directive and promulgate Regulations crafted to ensure data protection in line with the specific demands of individual societal sectors. This paper is a policy statement. It re-iterates the need for a Regulation on the protection of employees’ data. Building on the comparative experience of the Member States, it outlines the nature, provisions and scope which such a regulation should entail so as to reflect both the reality of the modern employment relationship and a new normative vision of the workplace which aims to inject such relationships with a measure of communicative participation.
Article
Business Process Management Systems (BPMSs) are software platforms that support the definition, execution, and tracking of business processes. BPMSs can log information about the business processes they support. Proper analysis of BPMS execution logs can yield important knowledge and help organizations improve the quality of their business processes and services to their business partners. This paper presents a set of integrated tools that supports business and IT users in managing process execution quality by providing several features, such as analysis, prediction, monitoring, control, and optimization. We refer to this set of tools as the Business Process Intelligence (BPI) tool suite. Experimental results presented in this paper are very encouraging. We plan to investigate further enhancements to the BPI tool suite, including automated exception prevention, refinement of the process data preparation stage, and integration of other data mining techniques.
Conference Paper
Information systems face several security threats, some of which originate by insiders. This paper presents a novel, interdisciplinary insider threat prediction model. It combines approaches, techniques, and tools from computer science and psychology. It utilizes real time monitoring, capturing the user’s technological trait in an information system and analyzing it for misbehavior. In parallel, the model is using data from psychometric tests, so as to assess for each user the predisposition to malicious acts and the stress level, which is an enabler for the user to overcome his moral inhibitions, under the condition that the collection of such data complies with the legal framework. The model combines the above mentioned information, categorizes users, and identifies those that require additional monitoring, as they can potentially be dangerous for the information system and the organization.
Conference Paper
Summary form only given. The observations that security is not an add-on feature and that insiders pose a considerable security threat have both been familiar in the security community for a long time. Attempts to deal with insider threats are not new either. Relevant techniques such as separation of duties are part of the standard toolset of security practitioners. However, it may well be true that in the past most countermeasures against insider threats belonged to the social and not to the technical domain. With increasing automation and IT support for business processes this approach is reaching its limits, as are approaches that just add on IT security to business processes. This talk will argue that defending against insider threats is in fact just one aspect of designing secure organisational (business) processes, and that one has to start at the design of the processes within an organization to make progress in dealing with insider threat.
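The two preceding abstracts, BPMS execution logs as an analysis source and separation of duties as a process-level countermeasure, meet in a check like the one below. It is an added example, not code from any work listed on this page: a constructed execution log for an invoice process is replayed against a hypothetical policy with static role authorization per task and dynamic separation of duties per case, and users are ranked by how often they break it. The log format, task names, roles and policy are all assumptions made for the example.

```python
"""Separation-of-duties checks over a BPMS execution log.

Added example, not code from any work cited on this page. Log format, task
names, roles and the policy are assumptions made for the example.
"""
from collections import Counter, defaultdict
from typing import Dict, FrozenSet, List, Set, Tuple

Event = Tuple[str, str, str, str]  # (case_id, task, user, role used)

# Constructed sample log for an invoice process; not a real BPMS export.
SAMPLE_LOG: List[Event] = [
    ("C1", "create_invoice", "alice", "clerk"),
    ("C1", "approve_invoice", "bob", "manager"),
    ("C1", "release_payment", "carol", "treasury"),
    ("C2", "create_invoice", "dave", "clerk"),
    ("C2", "approve_invoice", "dave", "manager"),   # dave holds both roles and uses both
    ("C2", "release_payment", "carol", "treasury"),
    ("C3", "create_invoice", "alice", "clerk"),
    ("C3", "approve_invoice", "bob", "manager"),
    ("C3", "release_payment", "bob", "treasury"),   # bob approves and then pays
    ("C4", "create_invoice", "dave", "clerk"),
    ("C4", "approve_invoice", "dave", "manager"),   # dave again
    ("C4", "release_payment", "erin", "clerk"),     # a clerk is not allowed to pay
]

# Hypothetical policy: static authorization (which roles may run a task) and
# dynamic separation of duties (task pairs one user may not both perform in a case).
TASK_ROLES: Dict[str, Set[str]] = {
    "create_invoice": {"clerk"},
    "approve_invoice": {"manager"},
    "release_payment": {"treasury"},
}
SOD_PAIRS: Set[FrozenSet[str]] = {
    frozenset({"create_invoice", "approve_invoice"}),
    frozenset({"approve_invoice", "release_payment"}),
}

Violation = Tuple[str, str, str, str]  # (case_id, user, task_a, task_b)


def check_role_authorization(log: List[Event], task_roles: Dict[str, Set[str]]) -> List[Event]:
    """Events executed under a role the task does not permit (or an unknown task)."""
    return [e for e in log if e[3] not in task_roles.get(e[1], set())]


def check_separation_of_duties(log: List[Event], sod_pairs: Set[FrozenSet[str]]) -> List[Violation]:
    """(case, user, task_a, task_b) for each SoD pair one user completed within one case."""
    tasks_by_case_user: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for case_id, task, user, _role in log:
        tasks_by_case_user[case_id][user].add(task)
    violations: List[Violation] = []
    for case_id, users in tasks_by_case_user.items():
        for user, tasks in users.items():
            for pair in sod_pairs:
                if pair <= tasks:                       # both tasks done by this user
                    task_a, task_b = sorted(pair)
                    violations.append((case_id, user, task_a, task_b))
    return sorted(violations)


def rank_users(violations: List[Violation]) -> List[Tuple[str, int]]:
    """Violations per user, most frequent first: repeat offenders warrant closer monitoring."""
    return Counter(v[1] for v in violations).most_common()


if __name__ == "__main__":
    print("role violations:", check_role_authorization(SAMPLE_LOG, TASK_ROLES))
    sod = check_separation_of_duties(SAMPLE_LOG, SOD_PAIRS)
    print("SoD violations:", sod)
    print("by user:", rank_users(sod))
```

Every one of dave's events passes the static role check on its own (clerk for creating, manager for approving); only the per-case view catches him. That is the practical content of the claim that add-on authorization is not enough: the conflicting-task pairs have to be declared when the process is designed, and either enforced by the BPMS at task assignment or, as here, audited from its execution log.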
Book
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness. Jürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction. With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications. © Springer-Verlag Berlin Heidelberg 2005. All rights are reserved.
Book
Business process management is usually treated from two different perspectives: business administration and computer science. While business administration professionals tend to consider information technology as a subordinate aspect in business process management for experts to handle, by contrast computer science professionals often consider business goals and organizational regulations as terms that do not deserve much thought but require the appropriate level of abstraction. Matthias Weske argues that all communities involved need to have a common understanding of the different aspects of business process management. To this end, he details the complete business process lifecycle from the modeling phase to process enactment and improvement, taking into account all different stakeholders involved. After starting with a presentation of general foundations and abstraction models, he explains concepts like process orchestrations and choreographies, as well as process properties and data dependencies. Finally, he presents both traditional and advanced business process management architectures, covering, for example, workflow management systems, service-oriented architectures, and data-driven approaches. In addition, he shows how standards like WfMC, SOAP, WSDL, and BPEL fit into the picture. This textbook is ideally suited for classes on business process management, information systems architecture, and workflow management. This 2nd edition contains major updates on BPMN Version 2 process orchestration and process choreographies, and the chapter on BPM methodologies has been completely rewritten. The accompanying website www.bpm-book.com contains further information and additional teaching material.
Article
Insider threat is widely recognised as an issue of utmost importance for IS security management. In this paper, we investigate the approach followed by ISO17799, the dominant standard in IS security management, in addressing this type of threat. We unfold the criminology theory that has designated the measures against insider misuse suggested by the standard, i.e. the General Deterrence Theory, and explore the possible enhancements to the standard that could result from the study of more recent criminology theories. The paper concludes with supporting the argument for a multiparadigm and multidisciplinary approach towards IS security management and insider threat mitigation.
Article
In this paper we propose a holistic Criticality Assessment methodology, suitable for the development of an infrastructure protection plan at a multi-sector or national level. The proposed methodology aims to integrate existing security plans and risk assessments performed in isolated infrastructures, in order to assess sector-wide or intra-sector security risks. In order to achieve this, we define three different layers of security assessments with different requirements and goals: the operator layer, the sector layer and the intra-sector or national layer. We determine the characteristics of each layer, as well as their interdependencies. In this way, existing security plans can be fully exploited in order to provide a "shortcut" for the development of security plans for complex inter-dependent infrastructures. A key element in the proposed methodology is the formal definition of interdependencies between different infrastructures and their respective sectors. Interdependencies between infrastructures belonging to the same or to a different sector, as well as interdependencies between different sectors, act as interfaces through which threats and their impacts occurring on different layers or different sectors are conveyed to others. Current risk assessment methodologies fail to address this issue effectively; thus, the formalization of these interfaces and their interference is an important element for the definition of a holistic Criticality Assessment methodology.
Article
Studies have shown a connection between the individual personality of the user and the way he or she behaves online. Today many millions of people around the world are connected by being members of various Internet social networks. Ross et al. (2009) studied the connection between the personality of the individual users and their behavior on a social network. They based their study on the self-reports of users of Facebook, one of the most popular social networks, and measured five personality factors using the NEO-PI-R (Costa & McCrae, 1992) questionnaire. They found that while there was a connection between the personalities of surfers and their behavior on Facebook, it was not strong. This study is based on that of Ross et al. (2009), but in our study the self-reports of subjects were replaced by more objective criteria: measurements of the user-information upload on Facebook. A strong connection was found between personality and Facebook behavior. Implications of the results are discussed.
Article
We present a new approach to building secure systems. In our approach, which we call model driven security, designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models including complete, configured security infrastructures. Rather than fixing one particular modeling language for this process, we propose a schema for constructing such languages that combines languages for modeling systems with languages for modeling security. We present different instances of this schema, which combine different UML modeling languages with a security modeling language for formalizing access control requirements. From models in these languages, we automatically generate security architectures for distributed applications, built from declarative and programmatic access control mechanisms. The modeling languages and generation process are semantically well-founded and are based on an extension of role-based access control. We have implemented this approach in a UML-based CASE tool and report on experiments.
Article
Contents:
Introduction
1. The Crisis That Will Not Go Away
2. Reengineering: The Path to Change
3. Rethinking Business Processes
4. The New World of Work
5. The Enabling Role of Information Technology
6. Who Will Reengineer?
7. The Hunt for Reengineering Opportunities
8. The Experience of Process Redesign
9. Embarking on Reengineering
10. One Company's Experience: Hallmark
11. One Company's Experience: Taco Bell
12. One Company's Experience: Capital Holding
13. One Company's Experience: Bell Atlantic
14. Succeeding at Reengineering
Epilogue
Index
Conference Paper
One approach to detecting insider misbehavior is to monitor system call activity and watch for danger signs or unusual behavior. We describe an experimental system designed to test this approach. We tested the system's ability to detect common insider misbehavior by examining file system and process-related system calls. Our results show that this approach can detect many such activities.
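An added example, not the experimental system the abstract describes, of what watching file-system and process-related calls for danger signs looks like in code. A few constructed trace lines in a simplified strace-like format ("<uid> <pid> <syscall>(<args>) = <ret>") are scanned for three signs: opening credential or administrator files (a denied attempt counts too), spawning a shell, and bulk reads or deletes on a shared tree. The line format, the sensitive paths, the watched share and the thresholds are assumptions made for the example.

```python
"""Danger-sign detection over file-system and process-related system calls.

Added example, not the system from the abstract. Input format (an assumption):
one call per line, "<uid> <pid> <syscall>(<args>) = <ret>".
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str, str, str]  # (uid, pid, rule, detail)

LINE_RE = re.compile(r"^(?P<uid>\d+) (?P<pid>\d+) (?P<call>\w+)\((?P<args>.*)\) = (?P<ret>.*)$")
PATH_RE = re.compile(r'"([^"]*)"')

# Hypothetical site policy for the example.
SENSITIVE_PATTERNS = ("/etc/shadow", "/etc/sudoers", "/root/", "/.ssh/")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}
WATCHED_SHARE = "/srv/"          # shared tree where bulk reads/deletes are suspicious
MASS_THRESHOLD = 3               # distinct files per process before flagging

# Constructed sample trace (not a real capture).
SAMPLE_TRACE = """\
1001 4242 openat(AT_FDCWD, "/home/u1001/report.txt", O_RDONLY) = 3
1001 4242 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1001 4242 execve("/bin/sh", ["sh", "-c", "id"], 0x55d0) = 0
1002 5151 openat(AT_FDCWD, "/srv/hr/payroll/2013-01.csv", O_RDONLY) = 3
1002 5151 openat(AT_FDCWD, "/srv/hr/payroll/2013-02.csv", O_RDONLY) = 3
1002 5151 openat(AT_FDCWD, "/srv/hr/payroll/2013-03.csv", O_RDONLY) = 3
1002 5151 openat(AT_FDCWD, "/srv/hr/payroll/2013-03.csv", O_RDONLY) = 4
1003 6161 unlinkat(AT_FDCWD, "/srv/eng/design/v1.dwg", 0) = 0
1003 6161 unlinkat(AT_FDCWD, "/srv/eng/design/v2.dwg", 0) = 0
1003 6161 unlinkat(AT_FDCWD, "/srv/eng/design/v3.dwg", 0) = 0
1004 7171 openat(AT_FDCWD, "/srv/eng/design/v3.dwg", O_RDONLY) = 3
"""


def analyze(trace_text: str, mass_threshold: int = MASS_THRESHOLD) -> List[Finding]:
    """Scan a trace and return one finding per danger sign, in detection order."""
    findings: List[Finding] = []
    opened: Dict[Tuple[str, str], Set[str]] = defaultdict(set)   # distinct share files per process
    deleted: Dict[Tuple[str, str], int] = defaultdict(int)       # share deletes per process
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # ignore lines the parser does not understand
        uid, pid, call, args, ret = m.group("uid", "pid", "call", "args", "ret")
        quoted = PATH_RE.findall(args)
        path = quoted[0] if quoted else ""  # first quoted argument is the path or program
        key = (uid, pid)
        if call in ("open", "openat"):
            if any(p in path for p in SENSITIVE_PATTERNS):
                # A denied attempt is still a signal: the user tried.
                suffix = " (denied)" if ret.startswith("-1") else ""
                findings.append((uid, pid, "sensitive_file_access", path + suffix))
            if path.startswith(WATCHED_SHARE):
                opened[key].add(path)
        elif call == "execve" and path in SHELLS:
            findings.append((uid, pid, "shell_spawn", path))
        elif call in ("unlink", "unlinkat") and path.startswith(WATCHED_SHARE):
            deleted[key] += 1
    # Volume-based signs are decided once the whole window has been seen.
    for (uid, pid), files in opened.items():
        if len(files) >= mass_threshold:
            findings.append((uid, pid, "mass_read", f"{len(files)} files under {WATCHED_SHARE}"))
    for (uid, pid), n in deleted.items():
        if n >= mass_threshold:
            findings.append((uid, pid, "mass_delete", f"{n} files under {WATCHED_SHARE}"))
    return findings


def suspicious_users(findings: List[Finding]) -> List[str]:
    """Distinct uids with at least one finding, sorted."""
    return sorted({f[0] for f in findings})


if __name__ == "__main__":
    for f in analyze(SAMPLE_TRACE):
        print(*f)
```

The per-line rules fire immediately; the volume rules only after the window closes, which is why a real monitor runs them over a sliding time window rather than a whole trace. Backup and indexing jobs read shared trees in bulk legitimately, so in deployment the mass-read rule needs an allowlist keyed on the executing program, otherwise it is the first thing an analyst learns to ignore.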
Open Source Intelligence. Handbook of Intelligence Studies
  • R D Steele
R.D. Steele, "Open source intelligence. Handbook of intelligence studies", pp. 129, 2007.
Building a Multidimensional Pattern Language for Insider Threats
  • D Mundie
  • A Moore
  • D Mcintire
D. Mundie, A. Moore, and D. McIntire, Building a multidimensional pattern language for insider threats, CERT, Carnegie Mellon University, USA, 2012.
is still fiction: Electronic monitoring in the workplace and US privacy law, Duke Law & Technology Review
  • C Fazekas
Regulation of electronic employee monitoring: Identifying fundamental principles of employee privacy through a comparative study of data privacy legislation in the European Union, US and Canada
  • G Lasprogata
  • N King
  • S Pillay
G. Lasprogata, N. King, and S. Pillay, "Regulation of electronic employee monitoring: Identifying fundamental principles of employee privacy through a comparative study of data privacy legislation in the European Union, US and Canada", Stanford Technology Law Review 4, 2004.
Which side are you on? A new Panopticon vs. Privacy
  • M Kandias
  • L Mitrou
  • V Stavrou
  • D Gritzalis
M. Kandias, L. Mitrou, V. Stavrou, and D. Gritzalis, "Which side are you on? A new Panopticon vs. Privacy", Proc. of the 10 th International Conference on Security and Cryptography, pp. 98-110, 2013.
SecureBPMN: Modeling and enforcing access control requirements in business processes
  • A Brucker
  • I Hang
  • G Lückemeyer
  • R Ruparel