On the security of business processes: classification of approaches, comparison, and research directions

Abstract

Business processes are at the heart of companies and evolve constantly to cope with the business needs. Considering the speed at which these changes occur, securing companies’ business processes has become much more critical. Indeed, business processes are becoming more complex and rely on today’s new technologies like the Cloud Computing that cause many security concerns. In this paper, we overview the security with its three goals namely confidentiality, integrity and availability of information systems, focusing on the business process layer. We consider the main business process dimensions (aspects), namely, the informational, the organizational and the logical (behavioural) dimensions. Then, we review and provide a comparison of distinct published security approaches that we have categorised into six main classes. Finally, based on our comparative study, we identify open questions and research directions in the field.