Analyzing Business Process Security Using Attributed Metagraphs

Abstract

Inter-organization workflow is increasing in importance as organizations rely on outsourcing and offshoring to deliver complex global business processes. Capitalizing on enhancements to telecommunications infrastructure, information systems are integral to coordinating and distributing processes for both internal and external business units. Unfortunately, this increased reliance is occurring in an environment of escalating threats to information security compounded by market sensitivity and regulatory intensity. Building on recent workflow research, we investigate use of an attributed metagraph representation to analyze business process security. Using examples of both risk analysis and impact mitigation, we demonstrate the usefulness of attributed metagraphs for process analysis. Metagraph-based representation both supports assessment of existing processes as well as provides normative guidance for process redesign.