dc.contributor.author | Wangen, Gaute | |
dc.contributor.author | Snekkenes, Einar | |
dc.date.accessioned | 2018-02-12T09:20:51Z | |
dc.date.available | 2018-02-12T09:20:51Z | |
dc.date.created | 2014-11-10T13:38:49Z | |
dc.date.issued | 2014 | |
dc.identifier.isbn | 978-83-60810-58-3 | |
dc.identifier.uri | http://hdl.handle.net/11250/2483957 | |
dc.description.abstract | Information Security Standards such as NIST SP 800-39 and ISO/IEC 27005:2011 are turning their scope towards business process security. And rightly so, as introducing an information security control into a business-processing environment is likely to affect business process flow, while redesigning a business process will most certainly have security implications. Hence, in this paper, we investigate the similarities and differences between Business Process Management (BPM) and Information Security Management (ISM), and explore the obstacles and opportunities for integrating the two concepts. We compare three levels of abstraction common for both approaches; top-level implementation strategies, organizational risk views & associated tasks, and domains. With some minor differences, the comparisons shows that there is a strong similarity in the implementation strategies, organizational views and tasks of both methods. The domain comparison shows that ISM maps to the BPM domains; however, some of the BPM domains have only limited support in ISM. | nb_NO |
dc.language.iso | eng | nb_NO |
dc.publisher | Institute of Electrical and Electronics Engineers (IEEE) | nb_NO |
dc.relation.ispartof | Proceedings of the 2014 Federated Conference on Computer Science and Information Systems | |
dc.relation.uri | https://fedcsis.org/proceedings/2014/ | |
dc.title | A Comparison between Business Process Management and Information Security Management | nb_NO |
dc.type | Chapter | nb_NO |
dc.description.version | acceptedVersion | nb_NO |
dc.source.pagenumber | 901-910 | nb_NO |
dc.identifier.doi | 10.15439/2014F77 | |
dc.identifier.cristin | 1171583 | |
dc.description.localcode | © 2014 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | nb_NO |
cristin.unitcode | 194,18,21,80 | |
cristin.unitname | Norwegian Information Security Lab | |
cristin.ispublished | true | |
cristin.fulltext | original | |
cristin.qualitycode | 1 | |