期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

业务过程元素安全目标分析方法 被引量:2

Analysis on security objectives of business process elements
下载PDF
导出
摘要 为了确定业务过程的安全需要,提出一种业务过程元素(BPEs)的安全目标分析方法.该方法依据业务过程模型,通过对BPEs安全目标赋予初始值,根据活动的出度和入度确认活动安全目标加权系数;同时还提出了BPEs安全目标一致性检验规则和修正原则,据此检验和修正BPEs安全目标初值,最终确定BPEs的安全目标值.案例研究表明,以BPEs所支持的业务过程为根本,该方法能够客观地确定BPEs安全目标,为更具针对性地保护信息系统提供指南. A method of analyzing security objectives of business process elements(BPEs) was presented to determine the security requirements of business processes.According to the business process model,the initial security objectives of BPEs were identified based on a general classification.And the weighting coefficients of the security objectives of activities were affirmed by calculating the in-degree and out-degree of activities.The consistency checking rules and revising principles were brought forward to check and modify the security objectives,the final security objectives of BPEs were obtained.A case study showed that the proposed method could be used to get the security objectives of BPEs objectively.
作者 余志伟 唐任仲
机构地区 浙江大学现代制造工程研究所
出处 《浙江大学学报(工学版)》 EI CAS CSCD 北大核心 2007年第8期1244-1248,1270,共6页 Journal of Zhejiang University:Engineering Science
基金 国家"863"高技术研究发展计划资助项目(2003AA414045) 浙江省制造业信息化工程重大科技攻关资助项目(2003C11010)
关键词 业务过程元素 安全目标 一致性检验 信息系统 business process elements(BPEs) security objective consistency checking information system
分类号 F270 [经济管理—企业管理] TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献4

  • 1RHRIG S,Using process models to analyse IT security requirements[EB/OL].[2005-04-29].http://www.ifi.unizh.ch/ publications/diss/Jahr_2003/thesis_roehrig.pdf.
  • 2闵京华,马卫国,胡道元.基于信息安全理论和模型的安全需求分析[J].网络安全技术与应用,2004(11):58-60. 被引量:8
  • 3CHOI S,CHAE S,LEE G.SRS-Tool:a security functional requirement specification development tool for application information system of organization[C]∥ Computational Science and Its Applications-ICCSA 2005,Singapore.Berlin/Heidelberg:Lecture Notes in Computer Science,2005(3481):458-467.
  • 4何德全.安全并无绝对[J].信息网络安全,2002(10):23-23. 被引量:1

二级参考文献3

  • 1余志伟,唐任仲.业务过程元素安全目标分析方法[J].浙江大学学报(工学版),2007,41(8):1244-1248. 被引量:2
  • 2中国教育与人力资源问题报告课题组.从人口大国迈向人力资源强国[M]高等教育出版社,2003.
  • 3李子奈,叶阿忠.高等计量经济学[M]清华大学出版社,2000.

共引文献7

同被引文献11

  • 1中国教育与人力资源问题报告课题组.从人口大国迈向人力资源强国[M]高等教育出版社,2003.
  • 2李子奈,叶阿忠.高等计量经济学[M]清华大学出版社,2000.
  • 3Rikhardsson Pall, Best Peter J, Green Peter et al. Business Process Risk Management, Compliance and Internal Control: A Research Agenda [ EB/OL ]. ( 2006-05-29 ) [ 2015-05-25 ].http://core, ac. uk/download/pdf/7279056, pdf.
  • 4Zur Muehlen M, Rosemann M. Integrating Risks in Business Process Models [ EB/OL ]. ( 2005-05-29 ) [ 2015-05-25 ]. http ://aisel. aisnet, org/acis2005/50/.
  • 5Fergle D'Aubeterre, Lakshmi S. Iyer Rahul Singh. An empirical evaluation of information security awareness levels in designing secure business processes [ EB/OL ]. ( 2009-05-20 ) [ 2015-05- 25 ]. http://delivery, acre. org/10. 1145/1560000/1555641/ al 6- d_aubeterre, pdf.
  • 6Conforti R, Rosa M L, Fortino G, et al. Real-time risk monitoring in business processes : A sensor-based approach[ J]. Journal of Systems & Software, 2013,86( 11 ) :2939-2965.
  • 7Stefan Fenz, Andreas Ekelhart, Thomas Neubauer. Business Process-Based Resource Importance Determination [ C ]// Proceedings of the 7th International Conference on Business Process Management. Springer-Verlag LNCS, University of Ulm, Ulm, Germany, 2009 : 113-127.
  • 8Suh B,Han I. The IS risk analysis based on a business model [J]. Information & Management, 2003,41 (2) :149-158.
  • 9RHRIG S. Using process models to analyse IT security requirements [ EB/OL ]. [ 2015-05-25 ]. http ://www. ifi. unizh. ch/publications/diss/Jahr_2003/thesis_roehrig, pdf.
  • 10Breu R, Innerhofer-Oberperfler F. Model based business driven IT security analysis [ EB/OL]. ( 2005-08-29 ) [ 2015-06-12 ]. http://citeseerx, ist. psu. edu/showciting? cid=5317990.

引证文献2

二级引证文献1

浙江大学学报(工学版)
2007年 第8期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部