Security risk management in IT projects based on Workflow mining

  • Nkondock M.B. Nicolas, University of Yaoundé I, Department of Computer Science
  • Etame M. Frankie, University of Yaoundé I, Department of Computer Science
  • Atsa E. Roger, University of Yaoundé I, Department of Computer Science
Keywords: Risk, risk management, IT project, workflow mining

Abstract

Over time, IT projects face several risks, security risks among them, that can lead to failure. Security risk management, and risk management in general, is therefore a major issue on which the success of a project depends. The sources of security risk in an IT project are varied. IT project managers should study risks comprehensively in order to prevent or stop their harmful effects. In this paper, a new approach based on workflow mining is defined to manage security risks in an IT project. It relies on the analysis of event logs associated with the resources used in a project to identify and analyze the security risks therein, and is therefore able to offer a solution to address them. As a result, patterns for the identification and treatment of risks are proposed on the basis of a risk management policy.

Published: 2020-09-04

How to Cite: Nicolas, N. M., Frankie, E. M., & Roger, A. E. (2020). Security risk management in IT projects based on Workflow mining. CENTRAL ASIAN JOURNAL OF MATHEMATICAL THEORY AND COMPUTER SCIENCES, 1(11), 8-12. Retrieved from https://cajmtcs.centralasianstudies.org/index.php/CAJMTCS/article/view/9

Section: Articles