Business Process Redesign (BPR) is the process of organizational change aimed at improving work efficiency and business value delivery. It involves modifying, simplifying, or automating existing process models to create new ones. These changes often lead to adjustments in supporting software and applications, potentially introducing new security vulnerabilities due to programming errors or design weaknesses.
BPR can create security vulnerabilities in both applications and business processes, necessitating early prediction to mitigate potential risks. The Node Strength-based Vulnerability Modeling (NSVM) method offers a solution for depicting vulnerability spread in business processes and IT services using graph-based models. NSVM aims to reduce reliance on security experts by predicting vulnerabilities in business process models. It utilizes data from the Common Weakness Enumerations (CWEs) dictionary and is applicable across various industries.
E-commerce platforms serve as a case study due to their comprehensive user guides and trackable process model changes. NSVM involves developing an initial vulnerability model, followed by an adaptive mechanism to adjust the model post-BPR. Testing on e-commerce systems shows promising results, with the NSVM method providing insights into vulnerability prediction and management post-BPR.
For further details, you can read the full article here.