Assessment of Business Process Information Security
2007 (English). In: International Journal of Business Process Integration and Management, Vol. 3, no 2, 118-130 p. Article in journal (Refereed). Published
Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.
Place, publisher, year, edition, pages
2007. Vol. 3, no 2, 118-130 p.
Electrical Engineering, Electronic Engineering, Information Engineering; Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-80674
DOI: 10.1504/IJBPIM.2008.020975
ScopusID: 2-s2.0-55549123558
OAI: oai:DiVA.org:kth-80674
DiVA: diva2:496604
QC 20120228
2012-02-10, 2012-02-10, 2014-10-21
Bibliographically approved