Conference paper

Integration of Data Envelopment Analysis in Business Process Models : A novel approach to measure information security

Authors/Editors

No matching items found.



Research Areas

No matching items found.


Publication Details

Author list: Große, Christine

Publisher: SciTePress

Publication year: 2020

Start page: 281

End page: 288

Number of pages: 8

ISBN: 978-989-758-399-5

DOI: http://dx.doi.org/10.5220/0008875802810288

URL: https://www.scitepress.org/PublicationsDetail.aspx?ID=G6uszowEcJI=&t=1


Abstract

This article explores the question of how to measure information security. Organisational information security is difficult to evaluate in this complex area because it includes numerous factors. The human factor has been acknowledged as one of the most challenging factors to consider in the field of information security. This study models the application of data envelopment analysis to business processes in order to facilitate the evaluation of information security that includes human factors. In addition to the model, this study demonstrates that data envelopment analysis provides an efficiency measure to assess the information security level of a business process. The novel approach that is proposed in this paper is exemplified with the aid of three fictive processes. The Business Process Model and Notation has been used to map the processes because it facilitates the visualisation of human interactions in processes and the form of the processed information. The combination of data envelopment analysis with process modelling and analyses of process deficiencies and threats to information security enables the evaluation of information security to include human factors in the analyses. Moreover, it provides a measure to benchmark information security in organisational processes.


Projects

No matching items found.


Keywords

No matching items found.


Documents

No matching items found.