Enviar búsqueda
Cargar
Addressing security concerns through BPM
•
Descargar como PPTX, PDF
•
6 recomendaciones
•
3,165 vistas
Alexander SAMARIN
Seguir
Tecnología
Empresariales
Denunciar
Compartir
Denunciar
Compartir
1 de 32
Descargar ahora
Recomendados
Business Architecture Patterns (BPM in Practice conference)
Business Architecture Patterns (BPM in Practice conference)
Alexander SAMARIN
BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud
Alexander SAMARIN
Better application architecture with #microservices and #BPM (as APaaS)
Better application architecture with #microservices and #BPM (as APaaS)
Alexander SAMARIN
BPM for developers
BPM for developers
Alexander SAMARIN
Importance of executable processes and BPMN
Importance of executable processes and BPMN
Alexander SAMARIN
Integration via #BPM: become friendly to #cloud
Integration via #BPM: become friendly to #cloud
Alexander SAMARIN
How EA, BPM, SOA and ECM work together
How EA, BPM, SOA and ECM work together
Alexander SAMARIN
Help #SME becoming #digital
Help #SME becoming #digital
Alexander SAMARIN
Recomendados
Business Architecture Patterns (BPM in Practice conference)
Business Architecture Patterns (BPM in Practice conference)
Alexander SAMARIN
BPM for SOA+ESB+API and cloud
BPM for SOA+ESB+API and cloud
Alexander SAMARIN
Better application architecture with #microservices and #BPM (as APaaS)
Better application architecture with #microservices and #BPM (as APaaS)
Alexander SAMARIN
BPM for developers
BPM for developers
Alexander SAMARIN
Importance of executable processes and BPMN
Importance of executable processes and BPMN
Alexander SAMARIN
Integration via #BPM: become friendly to #cloud
Integration via #BPM: become friendly to #cloud
Alexander SAMARIN
How EA, BPM, SOA and ECM work together
How EA, BPM, SOA and ECM work together
Alexander SAMARIN
Help #SME becoming #digital
Help #SME becoming #digital
Alexander SAMARIN
Incremental transformation to #digital (explicit and executable) processes
Incremental transformation to #digital (explicit and executable) processes
Alexander SAMARIN
Ladder of business process practices
Ladder of business process practices
Alexander SAMARIN
Achieving synergy between BPM, SOA and EA
Achieving synergy between BPM, SOA and EA
Alexander SAMARIN
Architecting digital transformation v1
Architecting digital transformation v1
Alexander SAMARIN
BPM for business analysts: modelling procedure
BPM for business analysts: modelling procedure
Alexander SAMARIN
BPM, SOA and EA for e-government
BPM, SOA and EA for e-government
Alexander SAMARIN
Systems architecting experience
Systems architecting experience
Alexander SAMARIN
Examples of BPM + SOA joint work
Examples of BPM + SOA joint work
Alexander SAMARIN
Business process analysis and design – importance of having a common language...
Business process analysis and design – importance of having a common language...
Alan McSweeney
Aligning BPM and EA
Aligning BPM and EA
Sandy Kemsley
IBM BPM On Cloud demo Sept 4 2015
IBM BPM On Cloud demo Sept 4 2015
Logan Vadivelu
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Lucas Jellema
Mini-course at VFU - Architecting modern digital systems - 2
Mini-course at VFU - Architecting modern digital systems - 2
Alexander SAMARIN
IBM Business Process Management
IBM Business Process Management
Asif Hussain
IBM BPM & ODM
IBM BPM & ODM
IBM Sverige
Introduction to Oracle BPM Suite
Introduction to Oracle BPM Suite
Revelation Technologies
Oracle bpm-suite-11g-overview-slide
Oracle bpm-suite-11g-overview-slide
Aericon
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
Alexander SAMARIN
IBM BPM Case Manager for knowledge workers
IBM BPM Case Manager for knowledge workers
sflynn073
Oracle BPM 11G
Oracle BPM 11G
Vijay Reddy
E-government reference model
E-government reference model
Alexander SAMARIN
E-passport example
E-passport example
Alexander SAMARIN
Más contenido relacionado
La actualidad más candente
Incremental transformation to #digital (explicit and executable) processes
Incremental transformation to #digital (explicit and executable) processes
Alexander SAMARIN
Ladder of business process practices
Ladder of business process practices
Alexander SAMARIN
Achieving synergy between BPM, SOA and EA
Achieving synergy between BPM, SOA and EA
Alexander SAMARIN
Architecting digital transformation v1
Architecting digital transformation v1
Alexander SAMARIN
BPM for business analysts: modelling procedure
BPM for business analysts: modelling procedure
Alexander SAMARIN
BPM, SOA and EA for e-government
BPM, SOA and EA for e-government
Alexander SAMARIN
Systems architecting experience
Systems architecting experience
Alexander SAMARIN
Examples of BPM + SOA joint work
Examples of BPM + SOA joint work
Alexander SAMARIN
Business process analysis and design – importance of having a common language...
Business process analysis and design – importance of having a common language...
Alan McSweeney
Aligning BPM and EA
Aligning BPM and EA
Sandy Kemsley
IBM BPM On Cloud demo Sept 4 2015
IBM BPM On Cloud demo Sept 4 2015
Logan Vadivelu
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Lucas Jellema
Mini-course at VFU - Architecting modern digital systems - 2
Mini-course at VFU - Architecting modern digital systems - 2
Alexander SAMARIN
IBM Business Process Management
IBM Business Process Management
Asif Hussain
IBM BPM & ODM
IBM BPM & ODM
IBM Sverige
Introduction to Oracle BPM Suite
Introduction to Oracle BPM Suite
Revelation Technologies
Oracle bpm-suite-11g-overview-slide
Oracle bpm-suite-11g-overview-slide
Aericon
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
Alexander SAMARIN
IBM BPM Case Manager for knowledge workers
IBM BPM Case Manager for knowledge workers
sflynn073
Oracle BPM 11G
Oracle BPM 11G
Vijay Reddy
La actualidad más candente
(20)
Incremental transformation to #digital (explicit and executable) processes
Incremental transformation to #digital (explicit and executable) processes
Ladder of business process practices
Ladder of business process practices
Achieving synergy between BPM, SOA and EA
Achieving synergy between BPM, SOA and EA
Architecting digital transformation v1
Architecting digital transformation v1
BPM for business analysts: modelling procedure
BPM for business analysts: modelling procedure
BPM, SOA and EA for e-government
BPM, SOA and EA for e-government
Systems architecting experience
Systems architecting experience
Examples of BPM + SOA joint work
Examples of BPM + SOA joint work
Business process analysis and design – importance of having a common language...
Business process analysis and design – importance of having a common language...
Aligning BPM and EA
Aligning BPM and EA
IBM BPM On Cloud demo Sept 4 2015
IBM BPM On Cloud demo Sept 4 2015
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Process Analytics with Oracle BPM Suite 12c and BAM - OGh SIG SOA & BPM, 1st ...
Mini-course at VFU - Architecting modern digital systems - 2
Mini-course at VFU - Architecting modern digital systems - 2
IBM Business Process Management
IBM Business Process Management
IBM BPM & ODM
IBM BPM & ODM
Introduction to Oracle BPM Suite
Introduction to Oracle BPM Suite
Oracle bpm-suite-11g-overview-slide
Oracle bpm-suite-11g-overview-slide
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
Enterprise Architecture (#EntArch) as a #systemsapproach applied management d...
IBM BPM Case Manager for knowledge workers
IBM BPM Case Manager for knowledge workers
Oracle BPM 11G
Oracle BPM 11G
Destacado
E-government reference model
E-government reference model
Alexander SAMARIN
E-passport example
E-passport example
Alexander SAMARIN
Guide Dogs and Digital Devices
Guide Dogs and Digital Devices
Xamarin
Technology-enabled healthcare transformation: concept paper
Technology-enabled healthcare transformation: concept paper
Alexander SAMARIN
Docker for the enterprise
Docker for the enterprise
Bert Poller
Presentation websockets
Presentation websockets
Bert Poller
Corba model ppt
Corba model ppt
Saransh Garg
Alibaba Cloud Conference 2016 - Docker Enterprise
Alibaba Cloud Conference 2016 - Docker Enterprise
John Willis
The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so...
Adrien Blind
Docker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise Docker
Arnaud MAZIN
Real-world Microservices: Lessons from the Front Line - Zhamak Delghani, Thou...
Real-world Microservices: Lessons from the Front Line - Zhamak Delghani, Thou...
Thoughtworks
Safety & security in school
Safety & security in school
Roseline Ekeke
Smart-city implementation reference model
Smart-city implementation reference model
Alexander SAMARIN
Destacado
(13)
E-government reference model
E-government reference model
E-passport example
E-passport example
Guide Dogs and Digital Devices
Guide Dogs and Digital Devices
Technology-enabled healthcare transformation: concept paper
Technology-enabled healthcare transformation: concept paper
Docker for the enterprise
Docker for the enterprise
Presentation websockets
Presentation websockets
Corba model ppt
Corba model ppt
Alibaba Cloud Conference 2016 - Docker Enterprise
Alibaba Cloud Conference 2016 - Docker Enterprise
The missing piece : when Docker networking and services finally unleashes so...
The missing piece : when Docker networking and services finally unleashes so...
Docker Meetup Paris: enterprise Docker
Docker Meetup Paris: enterprise Docker
Real-world Microservices: Lessons from the Front Line - Zhamak Delghani, Thou...
Real-world Microservices: Lessons from the Front Line - Zhamak Delghani, Thou...
Safety & security in school
Safety & security in school
Smart-city implementation reference model
Smart-city implementation reference model
Similar a Addressing security concerns through BPM
Applying a BPM Approach to Three Similar but Distinct Business Environments
Applying a BPM Approach to Three Similar but Distinct Business Environments
jamieraut
Nextgen Bpm End to End
Nextgen Bpm End to End
TechnoPeers
Oracle soa and e2.0 partner community forum bpm léon smiers share
Oracle soa and e2.0 partner community forum bpm léon smiers share
Leon Smiers
2009 11-04 mm (carson, california - csu-dh) bpm introduction
2009 11-04 mm (carson, california - csu-dh) bpm introduction
Mike Marin
Improving SharePoint Business Process Maturity
Improving SharePoint Business Process Maturity
OpenText Global 360
Basta 2012 Mainz Process Intelligence mit Windows Workflow Foundation
Basta 2012 Mainz Process Intelligence mit Windows Workflow Foundation
Adam Boczek
SAP Enterprise Modeling Applications (ARIS)
SAP Enterprise Modeling Applications (ARIS)
Palisade Corporation
How we work with you 2012
How we work with you 2012
EKolenda
Case study experiences with services-oriented sap
Case study experiences with services-oriented sap
John Bernhard
Case Studies Using Process as the Lever for Enterprise Change
Case Studies Using Process as the Lever for Enterprise Change
Vincent Kwon
SOA - BPM
SOA - BPM
ibankuk
Share Point Business Process Maturity
Share Point Business Process Maturity
Derek E. Weeks
How we work with you 2012
How we work with you 2012
EKolenda
How we work with you 2012
How we work with you 2012
EKolenda
Cordys presentation
Cordys presentation
Mans Jug
Respond quickly to changing business needs–Business Process Management (BPM)
Respond quickly to changing business needs–Business Process Management (BPM)
Carly Snodgrass
Application Lifecycle Management & VSTS
Application Lifecycle Management & VSTS
Microsoft Iceland
Higher education IAM-seminar Turku 10.12.2009
Higher education IAM-seminar Turku 10.12.2009
Kim Westerlund
Portfolio Planning for 2013 - Keeping It Basic
Portfolio Planning for 2013 - Keeping It Basic
EPM Live
INFORMATION TECHNOLOGIES AS THE BASE OF THE BUSINESS PROCESS MANAGEMENT IMPLE...
INFORMATION TECHNOLOGIES AS THE BASE OF THE BUSINESS PROCESS MANAGEMENT IMPLE...
Abzetdin Adamov
Similar a Addressing security concerns through BPM
(20)
Applying a BPM Approach to Three Similar but Distinct Business Environments
Applying a BPM Approach to Three Similar but Distinct Business Environments
Nextgen Bpm End to End
Nextgen Bpm End to End
Oracle soa and e2.0 partner community forum bpm léon smiers share
Oracle soa and e2.0 partner community forum bpm léon smiers share
2009 11-04 mm (carson, california - csu-dh) bpm introduction
2009 11-04 mm (carson, california - csu-dh) bpm introduction
Improving SharePoint Business Process Maturity
Improving SharePoint Business Process Maturity
Basta 2012 Mainz Process Intelligence mit Windows Workflow Foundation
Basta 2012 Mainz Process Intelligence mit Windows Workflow Foundation
SAP Enterprise Modeling Applications (ARIS)
SAP Enterprise Modeling Applications (ARIS)
How we work with you 2012
How we work with you 2012
Case study experiences with services-oriented sap
Case study experiences with services-oriented sap
Case Studies Using Process as the Lever for Enterprise Change
Case Studies Using Process as the Lever for Enterprise Change
SOA - BPM
SOA - BPM
Share Point Business Process Maturity
Share Point Business Process Maturity
How we work with you 2012
How we work with you 2012
How we work with you 2012
How we work with you 2012
Cordys presentation
Cordys presentation
Respond quickly to changing business needs–Business Process Management (BPM)
Respond quickly to changing business needs–Business Process Management (BPM)
Application Lifecycle Management & VSTS
Application Lifecycle Management & VSTS
Higher education IAM-seminar Turku 10.12.2009
Higher education IAM-seminar Turku 10.12.2009
Portfolio Planning for 2013 - Keeping It Basic
Portfolio Planning for 2013 - Keeping It Basic
INFORMATION TECHNOLOGIES AS THE BASE OF THE BUSINESS PROCESS MANAGEMENT IMPLE...
INFORMATION TECHNOLOGIES AS THE BASE OF THE BUSINESS PROCESS MANAGEMENT IMPLE...
Más de Alexander SAMARIN
Digital Architecture Methodology for Systemic Digital Transformation (Smart C...
Digital Architecture Methodology for Systemic Digital Transformation (Smart C...
Alexander SAMARIN
Building large-scale digital repeatable systems
Building large-scale digital repeatable systems
Alexander SAMARIN
Smart Cities Reference Architecture
Smart Cities Reference Architecture
Alexander SAMARIN
Building large-scale digital repeatable systems e.g Smart Cities
Building large-scale digital repeatable systems e.g Smart Cities
Alexander SAMARIN
Mini-course at VFU - Architecting modern digital systems - 0
Mini-course at VFU - Architecting modern digital systems - 0
Alexander SAMARIN
Mini-course at VFU - Architecting modern digital systems - 5
Mini-course at VFU - Architecting modern digital systems - 5
Alexander SAMARIN
Mini-course at VFU - Architecting modern digital systems - 4
Mini-course at VFU - Architecting modern digital systems - 4
Alexander SAMARIN
Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3
Alexander SAMARIN
Mini-course at VFU - Architecting modern digital systems - 1
Mini-course at VFU - Architecting modern digital systems - 1
Alexander SAMARIN
Towards software-defined organisations
Towards software-defined organisations
Alexander SAMARIN
Smart Cities from the systems point of view
Smart Cities from the systems point of view
Alexander SAMARIN
#bizarch from the #entarch point of view
#bizarch from the #entarch point of view
Alexander SAMARIN
Эталонная модель электронного правительства
Эталонная модель электронного правительства
Alexander SAMARIN
Más de Alexander SAMARIN
(13)
Digital Architecture Methodology for Systemic Digital Transformation (Smart C...
Digital Architecture Methodology for Systemic Digital Transformation (Smart C...
Building large-scale digital repeatable systems
Building large-scale digital repeatable systems
Smart Cities Reference Architecture
Smart Cities Reference Architecture
Building large-scale digital repeatable systems e.g Smart Cities
Building large-scale digital repeatable systems e.g Smart Cities
Mini-course at VFU - Architecting modern digital systems - 0
Mini-course at VFU - Architecting modern digital systems - 0
Mini-course at VFU - Architecting modern digital systems - 5
Mini-course at VFU - Architecting modern digital systems - 5
Mini-course at VFU - Architecting modern digital systems - 4
Mini-course at VFU - Architecting modern digital systems - 4
Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 3
Mini-course at VFU - Architecting modern digital systems - 1
Mini-course at VFU - Architecting modern digital systems - 1
Towards software-defined organisations
Towards software-defined organisations
Smart Cities from the systems point of view
Smart Cities from the systems point of view
#bizarch from the #entarch point of view
#bizarch from the #entarch point of view
Эталонная модель электронного правительства
Эталонная модель электронного правительства
Último
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
The Digital Insurer
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Último
(20)
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Addressing security concerns through BPM
1.
Addressing security concerns
through BPM Concept note A. Samarin
2.
About me • An
enterprise architect – From a programmer to a systems architect – Experience in scientific, international, governmental and industry environments: CERN, ISO, IOC, BUPA, Groupe Mutuel, State of Geneva, EDQM, Bund ISB, AfDB – Have created systems which work without me – Practical adviser for design and implementation of enterprise architectures and solutions • My main “tool” is a blend of: – BPM, SOA, EA, ECM, governance and strategy • Blog http://improving-bpm-systems.blogspot.com/ • PhD in Computer Graphics and 2 published books © A. Samarin 2013 Addressing security concerns through BPM v7 2
3.
Agenda • Some security
concerns • Briefly about intersection of BPM and security • Processes and business objects life-cycle • Activity “touch-points” • Relationships between activities © A. Samarin 2013 Addressing security concerns through BPM v7 3
4.
Typical security concerns •
Confidentiality, Integrity, Availability • Modern security techniques are good at the technical and application levels not at business level yet • WHO can DO something with WHAT at particular WHEN and WHERE? • Need to link ACTORS, ACTIVITIES, and BUSINESS- OBJECTS (data structures and documents) • Such a linkage must be dynamic • Also such a linkage must be explicit and executable: – to analyse the security in design-time – to anticipate security in run-time © A. Samarin 2013 Addressing security concerns through BPM v7 4
5.
Business Process Management
(BPM) is a tool for improving business performance A natural evolution of BPR, A multitude of tools Lean, ISO 9001, 6 Sigma “handle” processes The theory The tools BPM as a disciplinehave a single The aim is to BPM as software: (use processes to business description of BPM suite (BPMS) processes: manage an - model in design enterprise) - input for project planning and execution An enterprise portfolio - executable program for of the business coordination of work processes as well as - documentation for all the practices and tools staff members for governing the - basis for management design, execution and decisions evolution of this The practice portfolio Any process-centric enterprise has some BPM, but how can we industrialise this BPM? © A. Samarin 2013 Addressing security concerns through BPM v7 5
6.
Process anatomy (1) •
The business is driven by events • For each event there is a process to be executed • Process coordinates execution of activities • The execution is carried out in accordance with business rules © A. Samarin 2013 Addressing security concerns through BPM v7 6
7.
Process anatomy (2) •
Each business activity operates with some business objects • A group of staff member (business role) is responsible for the execution of each activity • The execution of business processes produces audit trails • Audit trails (which are very detailed) are also used for the calculation of Key Performance Indicators (KPIs) © A. Samarin 2013 Addressing security concerns through BPM v7 7
8.
Different enterprise artefacts •
Business artefacts – Events Human – Processes “workflow” Data structures – Activities Roles – Roles Documents Events – Rules Rules Processes – Data & documents Services Audit trails – Audit trails KPIs – Performance indicators – Services • Organisational and technical artefacts … © A. Samarin 2013 Addressing security concerns through BPM v7 8
9.
Be ready for
common (mis-)understanding about process © A. Samarin 2013 Addressing security concerns through BPM v7 9
10.
Business processes are
complex relationships between artefacts • WHO (roles) is doing WHAT (business objects), WHEN (coordination of activities), WHY (business rules), HOW (business activities) and with WHICH Results (performance indicators) • Make these relationships explicit and executable What you model is what you execute © A. Samarin 2013 Addressing security concerns through BPM v7 10
11.
Practical Process Pattern:
Double Check (DC) © A. Samarin 2013 Addressing security concerns through BPM v7 11
12.
Practical Process Pattern:
Initial Process Skeleton (IPS) Mandatory: different actors because of the separation of duties Potentially: different actors because of performance impact – avoid assigning mechanical (low-qualified “red”) activities and added-value (“green”) activities to the same actors © A. Samarin 2013 Addressing security concerns through BPM v7 12
13.
Build security into
business processes: access control (1) • Align access rights with the work to be done Do something Grant necessary rights to Revoke an actor who will carry previously out this activity to access granted rights involved business objects © A. Samarin 2013 Addressing security concerns through BPM v7 13
14.
Build security into
business processes: access control (2) • Align security of a business object (e.g. an organisational document) with the work progress (preparation of this document) Personal Group Committee Management version drafting review approval Private Confidential Secret Top-secret Public © A. Samarin 2013 Addressing security concerns through BPM v7 14
15.
Process and Business
Object (BO) life- cycle • One process instance may handle many BOs life-cycle • One BO life-cycle may be managed by many process instances • IT understand better BO life-cycles • Business understand better processes • Many variants of duration process instance vs. BO life- cycle BO1 BO2 BO3 Process instance 1 BO4 Time © A. Samarin 2013 Addressing security concerns through BPM v7 15
16.
Processes, BO life-cycles
and events • Changes (e.g. evolving to next phase in life-cycle or starting of process instance) are initiated by events • Events can be temporal, external, internal, spontaneous • Events can be generated from processes and life-cycles • Enterprise-wide “event-dispatcher” is necessary; thinking about Event Processing Network (EPN), Complex Event Processing (CEP) and decision management BO1 BO2 BO3 Process instance 1 BO4 Time © A. Samarin 2013 Addressing security concerns through BPM v7 16
17.
Example: Document life-cycles •
Typical phases: Creation, Dissemination, Use, Maintenance, Disposition • For each phase, it is necessary to know: – initiating / terminating events – permissions for roles – expected duration – master repository – copy or cache repositories – volume (number of objects and size in Mb) estimation – annual growth estimation • Documents maybe multi-versioned and compound © A. Samarin 2013 Addressing security concerns through BPM v7 17
18.
One version case
Destroy In-active availability Long-term archive Active Formal availability actions including records Publish management Creation Time Key: Evolving document Mature document (no further evolution) Frozen document (for long-time preservation) © A. Samarin 2013 Addressing security concerns through BPM v7 18
19.
A few versions
case – typical for organisational documents Destroy In-active availability Long-term archive Active availability Publish Creation Time Edition 1 Edition 2 Edition 3 Key: Evolving document Mature document (no further evolution) Frozen document (for long-time preservation) through BPM v7 © A. Samarin 2013 Addressing security concerns 19
20.
Creation in more
details Publish Document evolution during creation phase Time Version 1 Version 2 Version 3 Version 4 Key: Evolving document Mature document (no further evolution) Frozen document (for long-time preservation) Document with no clearly Addressing destinyconcerns through destroy) © A. Samarin 2013 defined security (preserve or BPM v7 20
21.
Creation in more
details – more roles Publish Document Role B evolution during creation phase Role A Time Version 1 Version 2 Version 3 Version 4 Key: Evolving document Mature document (no further evolution) Frozen document (for long-time preservation) © A. Samarin 2013 Addressing security concerns through BPM v7 21
22.
A compound document
case – typical for business documents Destroy Historical interest Long-term archive Operational interest Publish or Close Active Time Start of Finish of Finish of Finish of business case business case retention 1 retention 2 Key: Evolving document Mature document (no further evolution) © A. Samarin 2013 Addressing security concerns through BPM v7 22 Frozen document (for long-time preservation)
23.
An electronic enterprise
archive as a BPM system (1) • (from http://fr.slideshare.net/samarin/creating-a-synergy- between-bpm-and-electronic-archives) • Events – New record received – Retention period of a dossier expired (security may change) – Access to records requested – ... • Business objects – Records – Dossiers – Documents – Calendars © A. Samarin 2013 Addressing security concerns through BPM v7 23
24.
An electronic enterprise
archive as a BPM system (2) • Rules – Retention calendar – Classifications – Naming conventions – Filing plan – ... • KPIs (consider service level agreements) – Yearly acquicition transfer from current to semi-current archive < 2 weeks © A. Samarin 2013 Addressing security concerns through BPM v7 24
25.
“Touch-points” for an
activity (1) in addition to the flow of control • Doing the work – ROLES to carry the work – ROLES to be consulted (before the work is completed) – ROLES to be informed (after the is completed) – To which ROLES the work can be delegated – To which ROLES the work can be send for review • Sourcing the work – Other ACTIVITIES to provide the input – Other ACTIVITIES to check the input • Validating the work – Other ACTIVITIES to check the output (errors and fraud prevention) © A. Samarin 2013 Addressing security concerns through BPM v7 25
26.
“Touch-points” for an
activity (2) in addition to the flow of control • Guiding the work – ACTIVITIES/BOs to provide the guidance (or business rules) • Assuring the work – other ACTIVITIES to handle escalations and exceptions – other ACTIVITIES to audit (1st, 2nd and 3rd party auditing) – other ACTIVITIES to evaluate the risk (before the work is started) – other ACTIVITIES to evaluate the risk (after the work is completed) – other ACTIVITIES to certify (1st, 2nd and 3rd party certification or conformity assessment) • Some ACTIVITIES can be carried out by the same actor, some ACTIVITIES must not © A. Samarin 2013 Addressing security concerns through BPM v7 26
27.
Relationships between activities
(1) • Those “touch-points” forms a base for establishing relationships between activities • Example – “Activitiy_B” relates to Activity_A as “Validating the work” – No actors must be assigned to both “Role_1” and “Role_2” Role_2 Role_1 Carry out the work Activity_B Carry out the work Validating the work Activity_A © A. Samarin 2013 Addressing security concerns through BPM v7 27
28.
Relationships between activities
(2) • It is mandatory to guarantee that all “touch-points” are covered (MECE principle) – By other activities and roles – By explicit decisions • Security provisions from some standards can be formally expressed and validated – ISO 9000 – COBIT – SOHO – Basel ? – PMI – Prince 2? © A. Samarin 2013 Addressing security concerns through BPM v7 28
29.
More information to
be considered • In addition to usual business objects (data and documents), it is necessary to secure all BPM artefacts – Events – Roles – Rules – Services – Process templates – Audit trails – KPIs – Process instances – Archived process instances © A. Samarin 2013 Addressing security concerns through BPM v7 29
30.
Technical risks involved •
Each BPM artefact is implemented as a service • Such a service is implemented with technical artefacts (database, application, server, cloud, etc.) • Such, security for BPM artefacts can be derived from the security of technical artefacts © A. Samarin 2013 Addressing security concerns through BPM v7 30
31.
Conclusions • BPM (via
explicit and executable processed) can address some security concerns • BPMN is the base for enriching process models (similar to as HTML is enriched by CSS) • Security can be evaluated at design-time (proactively) and run-time (actively) • Thus BPM can facilitate the operational risk management (see http://improving-bpm- systems.blogspot.com/2011/10/ea-view-on-enterprise- risk-management.html) © A. Samarin 2013 Addressing security concerns through BPM v7 31
32.
THANKS © A. Samarin
2013 Addressing security concerns through BPM v7 32
Descargar ahora