Integrating Security Risk Management into Business Process Management for the Cloud

Author

Goettelmann, Elio ; Mayer, Nicolas ; Godart, Claude

Author_Institution

LORIA - INRIA Grand Est, Univ. de Lorraine, Vandoeuvre-lès-Nancy, France

Volume

1

fYear

2014

fDate

14-17 July 2014

Firstpage

86

Lastpage

93

Abstract

Security issues are still preventing wider adoption of cloud computing, especially for businesses which are handling sensitive information. Indeed, by outsourcing its information system (IS), a company can lose control over its infrastructure, its software or even its data. Therefore, new methods and tools need to be defined to respond to this challenge. In this paper we propose to integrate Security Risk Management approaches into Business Process Management to effectively treat security issues at the early phases of the Information System construction. We focus on cloud brokers, emerging actors of the cloud delivery model, who enhance and aggregate existing cloud services to match them with their cloud consumers´ requirements. Our main goal is to provide them with tools and techniques to increase the global security level of an IS through different risk treatment strategies.

Keywords

business data processing; cloud computing; globalisation; information systems; risk management; security of data; business process management; cloud brokers; cloud computing; cloud consumer requirements; cloud delivery model; cloud services; global security; information system construction; risk treatment strategies; security risk management; sensitive information handling; Cloud computing; Companies; Context; Information systems; Risk management; Security; Business Process Management; Cloud Computing; Security Risk Management;

fLanguage

English

Publisher

ieee

Conference_Titel

Business Informatics (CBI), 2014 IEEE 16th Conference on

Conference_Location

Geneva

Type

conf

DOI

10.1109/CBI.2014.29

Filename

6904141