SPBP’17: Workshop on Security and Privacy-enhanced Business Process Management

September 11, 2017, Barcelona, Spain

Place: UPC Nord Campus

Room: VS210


14:00-15:30 - session 1

14:00-14:15 Opening

14:15-15:15 Keynote presentation

  • Jan Mendling, Blockchains for Business Process Management - Challenges and Opportunities
  • Abstract: Blockchain technology offers a sizable promise to rethink the way inter-organizational business processes are managed because of its potential to realize execution without a central party serving as a single point of trust (and failure). To stimulate research on this promise and the limits thereof, we have written a position paper on the challenges and opportunities of blockchain for Business Process Management (BPM) with various experts in the field. In this talk, I summarize these challenges and opportunities alongside two established frameworks, namely the six BPM core capabilities and the BPM lifecycle, and detail seven research directions for investigating the application of blockchain technology to BPM.

15:15-15:30 Discussion

15:30-16:00 - coffee break

16:00-17:30 - session 2

16:00-16:35 Regular paper 1

  • Majed Alshammari, Andrew Simpson, Personal Data Management: An Abstract Personal Data Lifecycle Model
  • Abstract: It is well understood that processing personal data without effective data management models may lead to privacy violations. Such concerns have motivated the development of privacy-aware practices and systems, as well as legal frameworks and standards. However, there is a disconnect between policy-makers and software engineers with respect to the meaning of privacy. In addition, it is challenging: to establish that a system underlying business processes complies with its privacy requirements; to provide technical assurances; and to meet data subjects' expectations. We propose an abstract personal data lifecycle (APDL) model to support the management and traceability of personal data. The APDL model represents data-processing activities in a way that is amenable to analysis. As well as facilitating the identification of potentially harmful data-processing activities, it has the potential to demonstrate compliance with legal frameworks and standards.

16:35-17:10 Regular paper 2

  • Dmitrij Olifer, Nikolaj Goranin, Justinas Janulevicius, Arnas Kaceniauskas, Antanas Cenys, Improvement of Security Costs Evaluation Process by Using Data Automatically Captured from BPMN and EPC Models
  • Abstract: The number of security breaches, and organizations’ losses related to them, is increasing every year. One of the key reasons is the high dependency of organizations’ key business processes on information and information technology. To decrease the risk of possible breaches, organizations have to ensure “due diligence” and “due care” principles. This means organizations need to apply requirements or controls defined by existing security standards. One of the main issues in such an approach is the identification of critical areas and the evaluation of cost for security requirements implementation. In this paper we consider how our previously proposed method for information security requirements implementation cost evaluation could be linked with organizations’ business processes. Our proposal could help us identify an organization’s critical areas, which need to be protected, and could let us calculate security costs related to the protected areas.

17:10-17:30 Discussion and closing