Navegación

Búsqueda

Búsqueda avanzada

Automatic Verification and Diagnosis of Security Risk Assessments in Business Process Models (Summary)

Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company’s security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, the problem of automatic security risk management in the current BPMS is addresses. First, a formalization of the risk elements according to process models is included. These elements are supported as a BPMN 2.0 extension of risk information that is analyzed to determine nonconformance regarding risk goals. In addition, a diagnosis of the risk associated with the activity responsible for the nonconformance is also carried out. To this end, the proposal applies mechanisms based on the model-based diagnosis in which activities are in nonconformance with regard to the acceptable level of risk. The automation of diagnosis is carried out using artificial intelligence techniques based on constraint programming. The proposal is supported by the implementation of a plug-in that enables the graphical specification of the extension and the automation of the verification and diagnosis process. To the best of our knowledge, this is the first published work that addresses the risk-aware design of business processes with automatic techniques.

Run-time prediction of business process indicators using evolutionary decision rules (Summary)

Summary of the contribution

Predictive monitoring of business processes is a challenging topic of process min- ing which is concerned with the prediction of process indicators of running pro- cess instances. The main value of predictive monitoring is to provide information in order to take proactive and corrective actions to improve process performance and mitigate risks in real time. In this paper, we present an approach for pre- dictive monitoring based on the use of evolutionary algorithms. Our method provides a novel event window-based encoding and generates a set of decision rules for the run-time prediction of process indicators according to event log properties. These rules can be interpreted by users to extract further insight of the business processes while keeping a high level of accuracy. Furthermore, a full software stack consisting of a tool to support the training phase and a framework that enables the integration of run-time predictions with business process man- agement systems, has been developed. Obtained results show the validity of our proposal for two large real-life datasets: BPI Challenge 2013 and IT Department of Andalusian Health Service (SAS).

Methodology to Extend RAL

Resource Assignment Language (RAL) is a language for the selection of organisational resources that can be used, for example, for the assignment of human resources to business process activities. Its formal semantics have allowed the automation of analysis operations in several phases of the business process lifecycle. RAL was designed considering a specific organisational metamodel and pursuing specific purposes. However, it can be extended to deal with similar problems in different domains and under different circumstances. In this paper, a methodology to extend RAL is introduced, and an extension to support another organisational metamodel is described as a proof-of-concept.

On the Calculation of Process Performance Indicators

Performance calculation is a key factor to match corporate goals between different partners in process execution. However, although, a number of standards protocols and languages have recently emerged to support business process services in the industry, there is no standard related to monitoring of performance indicators over processes in these systems. As a consequence, BPMS use propietary languages to define measures and calculate them over process execution. In this paper, we describe two different approaches to compute performance mea- sures on business process decoupled from specific Business Process Man- agement System (BPMS) with an existing BPMS-independent language (PPINOT) to define indicators over business processes. Finally, some optimization techniques are described to increase calculation performance based on computing aggregated measures incrementally.