dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.date.accessioned | 2022-11-16T11:33:47Z | |
dc.date.available | 2022-11-16T11:33:47Z | |
dc.date.issued | 2015 | |
dc.identifier.citation | Varela Vaca, Á.J. y Martínez Gasca, R. (2015). Formalization of security patterns as a means to infer security controls in business processes. Logic Journal of the IGPL, 23 (1), 57-72. https://doi.org/10.1093/jigpal/jzu042. | |
dc.identifier.issn | 1367-0751 | es |
dc.identifier.issn | 1368-9894 | es |
dc.identifier.uri | https://hdl.handle.net/11441/139505 | |
dc.description.abstract | The growing trend towards the automation and externalization of business processes by means of Technology Infrastructure
(TI), such as Business Process Management Systems, has increased the security risks in the organizations. In the majority
of cases, the issue of security is overlooked by default in these systems. Therefore, the early selection and implementation
of security controls that mitigate risks is a real and crucial need. Nevertheless, there exists an enormous range of IT security
controls and their configuration is a human, manual, time-consuming and error-prone task. In addition, security controls
are implemented out separately from the organization perspective and involve many stakeholders. This separation makes
difficult to ensure the effectiveness of these controls with regard to organizational requirements. In this article, we propose a
formalization of security controls based on security pattern templates and feature models. This formalization allows applying
feature domain-oriented analysis and constraint programming techniques for the automatic inference, selection and generation
of optimal security controls with regard to single and multiple business objectives | es |
dc.description.sponsorship | Junta de Andalucía P08-TIC-04095 | es |
dc.description.sponsorship | Ministerio de Educación y Ciencia TIN2009-13714 | es |
dc.format | application/pdf | es |
dc.format.extent | 16 | es |
dc.language.iso | eng | es |
dc.publisher | Oxford University Press | es |
dc.relation.ispartof | Logic Journal of the IGPL, 23 (1), 57-72. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internacional | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Business process | es |
dc.subject | Security patterns | es |
dc.subject | Feature model | es |
dc.subject | Constraint programming | es |
dc.subject | Optimization | es |
dc.title | Formalization of security patterns as a means to infer security controls in business processes | es |
dc.type | info:eu-repo/semantics/article | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | P08-TIC-04095 | es |
dc.relation.projectID | TIN2009-13714 | es |
dc.relation.publisherversion | https://academic.oup.com/jigpal/article/23/1/57/685166 | es |
dc.identifier.doi | 10.1093/jigpal/jzu042 | es |
dc.contributor.group | Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub | es |
dc.journaltitle | Logic Journal of the IGPL | es |
dc.publication.volumen | 23 | es |
dc.publication.issue | 1 | es |
dc.publication.initialPage | 57 | es |
dc.publication.endPage | 72 | es |
dc.contributor.funder | Junta de Andalucía | es |
dc.contributor.funder | Ministerio de Educación y Ciencia (MEC). España | es |