Abstract
We present a novel way to link business process models with data protection risk management. We draw on the established body of knowledge on risk management concepts and business processes as they relate to data protection. We aim to contribute to a problem organizations face today: finding a suitable data protection model that can be used as a risk framework. The purpose of this document is to define a model that describes data protection in the context of risk. Our approach includes identifying the main concepts of data protection according to the scope of the EU directive data protection regulation. We outline a data protection model as a continuous way of protecting valued organizational information regarding personally identifiable information. Data protection encompasses the preservation of personal data from unauthorized access, use, modification, recording or destruction. Since this kind of service is offered continuously, it is important to establish a way to measure the effectiveness of data subjects' awareness of disclosures regarding personally identifiable information.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Gonçalves, A., Correia, A., Cavique, L. (2017). Data Protection Risk Modeling into Business Process Analysis. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2017. ICCSA 2017. Lecture Notes in Computer Science, vol 10404. Springer, Cham. https://doi.org/10.1007/978-3-319-62392-4_48
DOI: https://doi.org/10.1007/978-3-319-62392-4_48
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62391-7
Online ISBN: 978-3-319-62392-4
eBook Packages: Computer Science, Computer Science (R0)