Jump to ContentJump to Main Navigation
Show Summary Details
More options …

it - Information Technology

Methods and Applications of Informatics and Information Technology

Editor-in-Chief: Molitor, Paul

6 Issues per year

See all formats and pricing
More options …
Volume 55, Issue 6


Eliciting Security Requirements from the Business Processes Using Security Risk-Oriented Patterns

Nutzung risk-basierter Muster zur Erhebung von Sicherheitsanforderungen in Geschäftsprozessen

Raimundas Matulevičius / Naved Ahmed
Published Online: 2013-12-19 | DOI: https://doi.org/10.1515/itit.2013.2002


Although importance of aligning modelling of business processes and security is growing, there is rather limited research performed on elicitation of security requirements from the business processes. In this paper we discuss how security risk-oriented patterns could help solving the above problem. Using the illustrative example, we present a two-step method for (i) pattern occurrence discovery in, and (ii) for security requirements definition from the business process model. We hope that our proposal could help elicit security requirements at the early system development stages, however, we still need to validate it empirically.


Dieser Beitrag fokussiert auf die Nutzung von risk-orientierter Muster zur Erhebung von Sicherheitsanforderungen. Er stellt ein zweistufiges Verfahren für (i) die Entdeckung risk-orientierter Muster in Geschäftsprozessen und (ii) ihre Definition vor.

Keywords: ACM CSS; Security and privacy; Formal methods and theory of security; Security requirements; ACM CCS; Applied computing; Enterprise computing; Business process management

Schlagwörter: Sicherheitsanforderungen; Sicherheitsrisiko basierte Erhebungsmuster; Geschäftsprozesse

About the article

Raimundas Matulevičius

Dr. Raimundas Matulevičius received his Ph.D. diploma from the Norwegian University of Science and Technology in the area of computer and information science. Currently he holds an associate professor position at the University of Tartu (Estonia). His research interests include information systems, business process modelling, requirements engineering, and security risk management. The publication record includes more than 60 articles published in the peer-reviewed journals and conferences. Matulevičius has been a program committee member at the international workshops (e.g., BUSITAL, WOSIS) and conferences (e.g., REFSQ, PoEM, and CAiSE); he is a co-chair of the workshop on Security in Business Processes (SBP).

Institute of Computer Science, J. Liivi 2, 50409 Tartu, Estonia

Naved Ahmed

Naved Ahmed is currently a Ph.D. Candidate in the Department of Computer Sciences at the University of Tartu, Estonia. He received his M.S. degree in Engineering & Management of Information Systems from Royal Institute of Technology, Stockholm, Sweden. He is working on secure business processes and his research interests are in the areas of business process modeling, security engineering and requirements engineering. Besides, he has 3-year experience of software development in telecom sector.

Institute of Computer Science, J. Liivi 2, 50409 Tartu, Estonia

Received: 2013-07-27

Published Online: 2013-12-19

Published in Print: 2013-12-01

Citation Information: it – Information Technology it – Information Technology, Volume 55, Issue 6, Pages 225–230, ISSN (Online) 2196-7032, ISSN (Print) 1611-2776, DOI: https://doi.org/10.1515/itit.2013.2002.

Export Citation

© 2013 by Walter de Gruyter Berlin Boston. Copyright Clearance Center

Comments (0)

Please log in or register to comment.
Log in