The Danger Within: Insider Threat Modeling Using Business Process Models

Cited by: 0
Authors
von der Assen, Jan [1]
Hochuli, Jasmin [1]
Grubl, Thomas [1]
Stiller, Burkhard [1]
Affiliations
[1] Univ Zurich UZH, Dept Informat, Commun Syst Grp, CH-8050 Zurich, Switzerland
Source
2024 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2024
Keywords
Threat Modeling; Insider Threats; Risk Management; Business Process Modeling; BPMN;
DOI
10.1109/CSR61664.2024.10679492
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Threat modeling has been successfully applied to model technical threats within information systems. However, a lack of methods focusing on non-technical assets and their representation can be observed in theory and practice. Following the voices of industry practitioners, this paper explored how to model insider threats based on business process models. Hence, this study developed a novel insider threat knowledge base and a threat modeling application that leverages Business Process Modeling and Notation (BPMN). Finally, to understand how well the theoretic knowledge and its prototype translate into practice, the study conducted a real-world case study of an IT provider's business process and an experimental deployment for a real voting process. The results indicate that even without annotation, BPMN diagrams can be leveraged to automatically identify insider threats in an organization.
Pages: 186 - 192
Number of pages: 7
Related papers
50 in total
  • [41] GOVERNANCE, RISKS AND COMPLIANCE: INTEGRATED MODEL USING BUSINESS PROCESS MODELING
    Birchal, Daniel Massiere
    Zaidan, Fernando Hadad
    Braga, Jose Luis
    REVISTA ELETRONICA DE ESTRATEGIA E NEGOCIOS-REEN, 2019, 12 (03): : 75 - 96
  • [42] QoS modeling and automatic generation from SoaML service models for business process execution
    Delgado, Andrea
    2015 IEEE 12TH INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (SCC 2015), 2015, : 522 - 529
  • [43] Methodology for Business Process Modeling A Study Case within the Brazilian Ministry of Planning, Budget and Management
    de Sousa, Rafael T., Jr.
    de Deus, Flavio E. G.
    de Sousa, Bruno A.
    Villapouca, Nelson G.
    Holanda, Maristela T.
    Araujo, Aleteia P. F.
    Freitas, Henrique
    Cortes, Fabiano
    Santos, Renan
    Mentzingen de Moraes, Altino J.
    2015 10TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI), 2015,
  • [44] Modeling and Verification of Insider Threats Using Logical Analysis
    Kammuller, Florian
    Probst, Christian W.
    IEEE SYSTEMS JOURNAL, 2017, 11 (02): : 534 - 545
  • [45] Collaborative discovery and enrichment of business process models using a semantification approach
    Derevyanko, Yevheniya
    Guerreiro, Sergio
    Sousa, Pedro
    2021 IEEE 23RD CONFERENCE ON BUSINESS INFORMATICS, CBI 2021, VOL 1, 2021, : 72 - 81
  • [46] Introducing Entity-Based Concepts to Business Process Modeling
    Sperner, Klaus
    Meyer, Sonja
    Magerkurth, Carsten
    BUSINESS PROCESS MODEL AND NOTATION (BPMN 2011), 2011, 95 : 166 - 171
  • [47] An empirical study of business process models and model clones on GitHub
    Nikoo, Mahdi Saeedi
    Kochanthara, Sangeeth
    Babur, Onder
    van den Brand, Mark
    EMPIRICAL SOFTWARE ENGINEERING, 2025, 30 (02)
  • [48] Deriving Normalized Systems Elements from Business Process Models
    Van Nuffel, Dieter
    Mannaert, Herwig
    De Backer, Carlos
    Verelst, Jan
    2009 FOURTH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING ADVANCES (ICSEA 2009), 2009, : 27 - 32
  • [49] MEASURING SOFTWARE FUNCTIONAL SIZE FROM BUSINESS PROCESS MODELS
    Monsalve, Carlos
    Abran, Alain
    April, Alain
    INTERNATIONAL JOURNAL OF SOFTWARE ENGINEERING AND KNOWLEDGE ENGINEERING, 2011, 21 (03) : 311 - 338
  • [50] R-BPMN for abstract modeling of business process patterns
    Kim, Dae-Kyoo
    Chung, Yeasun K.
    BUSINESS PROCESS MANAGEMENT JOURNAL, 2021, 27 (05) : 1445 - 1462