首页 | 本学科首页   官方微博 | 高级检索  
相似文献
 共查询到20条相似文献,搜索用时 281 毫秒
1.
ABSTRACT

Today's businesses being IT enabled, the complexity of risks affecting the business has increased manifold and the need to gauge the Information Technology risks acting on the business operations has become paramount. The business managers who run business operations need to operate securely and seamlessly leveraging Information Technology and ability to recover and resume the business without any loss of confidentiality, integrity and availability of business information/data in any event of a security incident.

There is a need to quantify the impact of the IT security risk on the critical business processes, and provide the business-level insight at the management level. It is critical to classifying the Risk Ratings as per the impact on the business operations. This approach allows the organizations to understand and prioritize the security risk management activities that make the most sense for their organization to secure the business operations instead of trying to protect against every conceivable threat.  相似文献   

2.
Business process management (BPM) has emerged as a prominent information management approach focusing on the design, execution and governance of organizational business processes. The ability to deal with both foreseen and unforeseen changes in business processes is considered critical for contemporary business process management systems. This paper proposes an approach that couples an event-driven framework for detecting and reasoning in situations that pose the need for process adaptations with MCDM methods for selecting adaptations. The proposed approach has been implemented in an aspect-oriented extension of a BPMN2.0 engine in order to enact adaptations of business processes in real-time.  相似文献   

3.
ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.ObjectiveIn this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.MethodAn approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analyzing typical IT security controls for BPMSs for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.ConclusionIn this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.  相似文献   

4.
5.
In order to remain competitive and sustainable in today's ever-changing business environments, organizations need to frequently make changes to their business activities and the corresponding business process models. One of the critical issues that an organization faces is change impact analysis: estimating the potential effects of changing a business process to other processes in the organization's business process repository. In this paper, we propose an approach to change impact analysis which mines a version history of a business process model repository. Our approach then identifies business process models that have been co-changed in the past and uses this knowledge to predict the impact of future changes. An empirical validation on a real business process model repository has showed the effectiveness of our approach in predicting impact of a change.  相似文献   

6.
Business architecture: A new paradigm to relate business strategy to ICT   总被引:1,自引:0,他引:1  
In this paper we address the concept of business architecture. We explain the concept and, based on a case study, discuss its relevance, operation, relationship with strategy and business models, and value for an organization. We also shortly discuss the approach that was taken to create the business architecture; how it was based on and derived from the business strategy. Business architectures contribute to clarify the complexity within an organization and form a useful starting point from which to develop subsequent functional, information, process and application architectures. We clarify these relationships through an architecture linkage model. Having an explicit business architecture also helps to structure the responsibilities within an organization, and to shape outsourcing activities, within the primary process as well as with regard to ICT-support. Business architectures contribute to an adequate ICT-governance in order to orchestrate the resources for critical business activities and how to manage the development and support for e-business efficiently. Gerrit Versteeg is managing partner/business architect for FourPoints Intelligence and has almost twenty years of experience in designing architectures for a variety of large customers. He graduated with honors in Strategic Management at Rotterdam School of Management (Erasmus University) and is currently pursuing his PhD researching the field of Business Architecture at Delft University of Technology. Harry Bouwman is an associate professor at Delft University of Technology, Information and Communication Technology, Faculty Technology, Policy and Management. He served as an interim chair of the ICT-section in the period 2000–2002 and in 2004. He studied political science at the Free University of Amsterdam (1979). He is specialized in research methods and techniques, statistic and communication sciences. He followed courses in the domain of Computer Science at the Open University (1985–86). He received his PhD at Catholic University Nijmegen in 1986 at the Faculty of Social Science. Fields of interest:—ICT and organizations, strategic management in relation to ICT-management, Business Architecture;- Business models, Customer Value, Network formation, specifically with regard to 3G+ Mobile telecommunications services;- Innovation Management, ICT-entrepreneurship, high-tech ICT clusters or technopoles, incubators, role of national and local governments, and - Technology neutral regulation of telecommunication, (history of) Internet, Interconnection issues, QoS, telecommunication management.  相似文献   

7.
ABSTRACT

Business enterprises are increasingly realizing the importance of business continuity management (BCM). Availability BS 25999 Standard has facilitated a consistent methodology that organizations can follow in designing their BCM System. This paper intends to provide a conceptual understanding of BCM right from BCM Policy to BCM maturity by describing the steps involved in the implementation of BCM Standard – BS 25999 – to ensure business continuity in the event of an outage. The key BCM tasks have been categorized into three phases of business continuity – Pre-event Preparation, Event Management, and Post-event Continuity. This paper also highlights some of the challenges experienced by the author in carrying out Risk Assessment and Business Impact Analysis. The Business Continuity Maturity Model® of Virtual Corporation is provided (with their permission) as a tool to strengthen business continuity maturity or organizations.  相似文献   

8.
ABSTRACT

Business intelligence (BI) technologies have received much attention from both academics and practitioners, and the emerging field of business analytics (BA) is beginning to generate academic research. However, the impact of BI and the relative importance of BA on corporate performance management (CPM) have not yet been investigated. To address this gap, we modeled a CPM framework based on the Integrative model of IT business value and on information processing theory. Data were collected from a global survey of senior managers in 337 companies. Findings suggest that the more effective the BI implementation, the more effective the CPM-related planning and analytic practices. BI effectiveness is strongly related to BA, planning and to measurement. In contrast, BA effectiveness is strongly related to planning but less so to measurement. The study suggests that although both BI and BA contribute to corporate management practices, the information needs are different based on the level of uncertainty versus ambiguity characteristic of the management practice.  相似文献   

9.
Today's business enterprises must deal with global competition, reduce the cost of doing business, and rapidly develop new services and products. To address these requirements enterprises must constantly reconsider and optimize the way they do business and change their information systems and applications to support evolving business processes. Workflow technology facilitates these by providing methodologies and software to support (i) business process modeling to capture business processes as workflow specifications, (ii) business process reengineering to optimize specified processes, and (iii) workflow automation to generate workflow implementations from workflow specifications. This paper provides a high-level overview of the current workflow management methodologies and software products. In addition, we discuss the infrastructure technologies that can address the limitations of current commercial workflow technology and extend the scope and mission of workflow management systems to support increased workflow automation in complex real-world environments involving heterogeneous, autonomous, and distributed information systems. In particular, we discuss how distributed object management and customized transaction management can support further advances in the commercial state of the art in this area. Recomended by: Omran Bukhres and e. Kühn  相似文献   

10.
Software in general is thoroughly analyzed before it is released to its users. Business processes often are not – at least not as thoroughly as it could be – before they are released to their users, e.g., employees or software agents. This paper ascribes this practice to the lack of suitable instruments for business process analysts, who design the processes, and aims to provide them with the necessary instruments to allow them to also analyze their processes. We use the spreadsheet paradigm to represent business process analysis tasks, such as writing metrics and assertions, running performance analysis and verification tasks, and reporting on the outcomes, and implement a spreadsheet-based tool for business process analysis. The results of two independent user studies demonstrate the viability of the approach.  相似文献   

11.
ABSTRACT

In tough economic times, it is more important than ever to be mindful of common sense security practices. The security posture of your organization can be increased with simple to remember safety tips, inexpensive security technology solutions, and by making your employees aware of rising security threats and ways to mitigate these threats. Risk is inherent to business operations and you can not totally eliminate all types of risks; however, there are some fundamental practices that can be implemented in your organization that will dramatically increase the protection of your organization.  相似文献   

12.
ContextBusiness process models provide a natural way to describe real-world processes to be supported by software-intensive systems. These models can be used to analyze processes in the system-as-is and describe potential improvements for the system-to-be. But, how well does a given business process model satisfy its business goals? How can different perspectives be integrated in order to describe an inter-organizational process?ObjectiveThe aim of the present paper is to link the local and the global perspectives of the inter-organizational business process defined in BPMN 2.0 (Business Process Model and Notation) to KAOS goal models (Keep All Objectives Satisfied). We maintain a separation of concerns between the intentional level captured by the goal model and the organizational level captured by the process model. The paper presents the concept of intentional fragment (a set of flow elements of the process with a common purpose) and assess its usefulness.MethodWe conducted empirical experiments where the proposed concepts – here the intentional fragments – are validated by users. Our method relies on an iterative improvement process led by users feedback.ResultsWe find that the concept of intentional fragment is useful for (1) analyzing the business process model (2) reasoning about the relations between the goal model and the business process model and (3) identifying new goals. In a previous work we focused on BPMN 2.0 collaboration models (local view). This paper extends the previous work by integrating the global view given by choreography models in the approach.ConclusionWe conclude that the notion of intentional fragment is a useful mean to relate business process models and goal models while dealing with their different nature (activity oriented vs goal oriented). Intentional fragments can also be used to analyze the process model and to infer new goals in an iterative manner.  相似文献   

13.
ContextThe increasing adoption of process-aware information systems (PAISs) such as workflow management systems, enterprise resource planning systems, or case management systems, together with the high variability in business processes (e.g., sales processes may vary depending on the respective products and countries), has resulted in large industrial process model repositories. To cope with this business process variability, the proper management of process variants along the entire process lifecycle becomes crucial.ObjectiveThe goal of this paper is to develop a fundamental understanding of business process variability. In particular, the paper will provide a framework for assessing and comparing process variability approaches and the support they provide for the different phases of the business process lifecycle (i.e., process analysis and design, configuration, enactment, diagnosis, and evolution).MethodWe conducted a systematic literature review (SLR) in order to discover how process variability is supported by existing approaches.ResultsThe SLR resulted in 63 primary studies which were deeply analyzed. Based on this analysis, we derived the VIVACE framework. VIVACE allows assessing the expressiveness of a process modeling language regarding the explicit specification of process variability. Furthermore, the support provided by a process-aware information system to properly deal with process model variants can be assessed with VIVACE as well.ConclusionsVIVACE provides an empirically-grounded framework for process engineers that enables them to evaluate existing process variability approaches as well as to select that variability approach meeting their requirements best. Finally, it helps process engineers in implementing PAISs supporting process variability along the entire process lifecycle.  相似文献   

14.
ContextOrganizations are rapidly adopting Business Process Management (BPM) as they focus on their business processes (BPs), seeing them to be key elements in controlling and improving the way they perform their business. Business Process Intelligence (BPI) takes as its focus the collection and analysis of information from the execution of BPs for the support of decision making, based on the discovery of improvement opportunities. Realizing BPs by services introduces an intermediate service layer that enables us to separate the specification of BPs in terms of models from the technologies implementing them, thus improving their modifiability by decoupling the model from its implementation.ObjectiveTo provide an approach for the continuous improvement of BPs, based on their realization with services and execution measurement. It comprises an improvement process to integrate the improvements into the BPs and services, an execution measurement model defining and categorizing several measures for BPs and service execution, and tool support for both.MethodWe carried out a systematic literature review, to collect existing proposals related to our research work. Then, in close collaboration with business experts from the Hospital General de Ciudad Real (HGCR), Spain, and following design science principles, we developed the methods and artifacts described in this paper, which were validated by means of a case study.ResultsWe defined an improvement process extending the BP lifecycle with measurement and improvement activities, integrating an execution measurement model comprising a set of execution measures. Moreover, we developed a plug-in for the ProM framework to visualize the measurement results as a proof-of-concept prototype. The case study with the HGCR has shown its feasibility.ConclusionsOur improvement vision, based on BPs realized by services and on measurement of their execution, in conjunction with a systematic approach to integrate the detected improvements, provides useful guidance to organizations.  相似文献   

15.
Economic globalization leads to complex decentralized company structures calling for the extensive use of distributed IT-systems. The business processes of a company have to reflect these changes of infrastructure. In particular, due to new electronic applications and the inclusion of a higher number of—potentially unknown—persons, the business processes are more vulnerable against malicious attacks than traditional processes. Thus, a business should undergo a security analysis. Here, the vulnerabilities of the business process are recognized, the risks resulting from the vulnerabilities are calculated, and suitable safeguards reducing the vulnerabilities are selected. Unfortunately, a security analysis tends to be complex and affords expensive security expert support. In order to reduce the expense and to enable domain experts with in-depth insight in business processes but with limited knowledge about security to develop secure business processes, we developed the framework MoSSBP facilitating the handling of business process security requirements from their specification to their realization. In particular, MoSS BP provides graphical concepts to specify security requirements, repositories of various mechanisms enforcing the security requirements, and a collection of reference models and case studies enabling the modification of the business processes. In this paper, the MoSS BP -framework is presented. Additionally, we introduce a tool supporting the MoSSBP-related security analysis of business processes and the incorporation of safeguards. This tool is based on object-oriented process models and acts with graph rewrite systems. Finally, we clarify the application of the MoSSBP-framework by means of a business process for tender-handling which is provided by anonymity-preserving safeguards. Peter Herrmann studied computer science at the University of Karlsruhe, Germany (diploma in 1990). Afterwards, he worked as a Ph.D. student (doctorate in 1997) and postdoctoral researcher in the Computer Networks and Distributed Systems Group of the Computer Science Department at the University of Dortmund, Germany. Since 2005 he is a full professor for formal methods at the Department for Telematics of the Norwegian University of Science and Technology (NTNU) in Trondheim, Norway. His research interests include the formal-based development of networked systems and the engineering of distributed services. Moreover, he is interested in security and trust aspects of component structured distributed software. Gaby Herrmann studied computer science at the University of Karlsruhe, Germany (diploma in 1991). Afterwards, she worked as a researcher in the Communication Group and the Information Systems Group at University of Duisburg-Essen (Doctorate in 2001, topic: security of business processes). Since 2000 she works as executive secretary at the Department of Economics, Business Studies and Computer Sciences at the same university.  相似文献   

16.
ContextBusiness process modeling is an essential part of understanding and redesigning the activities that a typical enterprise uses to achieve its business goals. The quality of a business process model has a significant impact on the development of any enterprise and IT support for that process.ObjectiveSince the insights on what constitutes modeling quality are constantly evolving, it is unclear whether research on business process modeling quality already covers all major aspects of modeling quality. Therefore, the objective of this research is to determine the state of the art on business process modeling quality: What aspects of process modeling quality have been addressed until now and which gaps remain to be covered?MethodWe performed a systematic literature review of peer reviewed articles as published between 2000 and August 2013 on business process modeling quality. To analyze the contributions of the papers we use the Formal Concept Analysis technique.ResultsWe found 72 studies addressing quality aspects of business process models. These studies were classified into different dimensions: addressed model quality type, research goal, research method, and type of research result. Our findings suggest that there is no generally accepted framework of model quality types. Most research focuses on empirical and pragmatic quality aspects, specifically with respect to improving the understandability or readability of models. Among the various research methods, experimentation is the most popular one. The results from published research most often take the form of intangible knowledge.ConclusionWe believe there is a lack of an encompassing and generally accepted definition of business process modeling quality. This evidences the need for the development of a broader quality framework capable of dealing with the different aspects of business process modeling quality. Different dimensions of business process quality and of the process of modeling still require further research.  相似文献   

17.
This paper introduces the ideas behind BPML, the business process modelling language published by BPMI. BPML provides a process-centric (as opposed to a datacentric) metalanguage and execution model for business systems. It is underpinned by a strong mathematical foundation, the pi-calculus. The current paper is derived from supplementary appendices to a book which describes a ‘third wave’ approach to business process management [Business Process Management: The Third Wave, 2003]. The aim is to model business processes directly in an executable form, so that the mobility and mutability inherent in business behaviour is reflected and supported in the corresponding IT systems, erasing the present IT-business divide.  相似文献   

18.
19.
业务流程优化分析是业务流程管理的重要内容之一,存在配置信息的优化分析显得尤为重要。已有研究主要集中于业务流程优化分析,但对于存在配置信息的业务流程优化则存在不足。对业务流程配置优化分析进行了研究,提出了日志与业务流程Petri网模型的紧密度计算方法 以及基于行为紧密度的业务流程配置优化分析方法。首先根据给定事件日志的执行序列及实例数建立初始模型,计算初始模型与剩余日志的紧密度,利用紧密度大的日志优化初始模型;然后引进配置变迁对初步优化后的模型进行进一步优化;最后通过一个简单的实例说明了该方法的可行性。  相似文献   

20.
Businesses need to continuously focus on change and innovation in order to survive in dynamic environments. The ability of an organization to deploy appropriate business processes requires that the fit between business processes and systems that support the management of these processes is continuously maintained and evolved. Acquisition and use of the knowledge about the context in which business processes are defined, modified, and implemented can help maintain this fit. We identify requirements for a business process management system (BPMS) capable of managing contextual knowledge. Based on these requirements, we have enhanced KOPeR, a knowledge-based system for business process improvement, with an explanation facility that can acquire and maintain knowledge about the context behind process definitions and design choices. A case study that illustrates the functionalities of this system which is designed to improve the fit between business processes and BPMS is presented.
Peng XuEmail:
  相似文献   

设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号