{"id":"https://openalex.org/W1980279015","doi":"https://doi.org/10.4018/ijismd.2013100105","title":"An Extension of Business Process Model and Notation for Security Risk Management","display_name":"An Extension of Business Process Model and Notation for Security Risk Management","publication_year":2013,"publication_date":"2013-10-01","ids":{"openalex":"https://openalex.org/W1980279015","doi":"https://doi.org/10.4018/ijismd.2013100105","mag":"1980279015"},"language":"en","primary_location":{"id":"doi:10.4018/ijismd.2013100105","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijismd.2013100105","pdf_url":null,"source":{"id":"https://openalex.org/S83337018","display_name":"International Journal of Information System Modeling and Design","issn_l":"1947-8186","issn":["1947-8186","1947-8194"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information System Modeling and Design","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5008412863","display_name":"Olga Altuhhov","orcid":null},"institutions":[{"id":"https://openalex.org/I56085075","display_name":"University of Tartu","ror":"https://ror.org/03z77qz90","country_code":"EE","type":"education","lineage":["https://openalex.org/I56085075"]}],"countries":["EE"],"is_corresponding":true,"raw_author_name":"Olga Altuhhov","raw_affiliation_strings":["Institute of Computer Science, University of Tartu, Tartu, Estonia","Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia","institution_ids":["https://openalex.org/I56085075"]},{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#","institution_ids":["https://openalex.org/I56085075"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066884035","display_name":"Raimundas Matulevi\u010dius","orcid":"https://orcid.org/0000-0002-1829-4794"},"institutions":[{"id":"https://openalex.org/I56085075","display_name":"University of Tartu","ror":"https://ror.org/03z77qz90","country_code":"EE","type":"education","lineage":["https://openalex.org/I56085075"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Raimundas Matulevi\u010dius","raw_affiliation_strings":["Institute of Computer Science, University of Tartu, Tartu, Estonia","Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia","institution_ids":["https://openalex.org/I56085075"]},{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#","institution_ids":["https://openalex.org/I56085075"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5043782939","display_name":"Naved Ahmed","orcid":null},"institutions":[{"id":"https://openalex.org/I56085075","display_name":"University of Tartu","ror":"https://ror.org/03z77qz90","country_code":"EE","type":"education","lineage":["https://openalex.org/I56085075"]}],"countries":["EE"],"is_corresponding":false,"raw_author_name":"Naved Ahmed","raw_affiliation_strings":["Institute of Computer Science, University of Tartu, Tartu, Estonia","Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia","institution_ids":["https://openalex.org/I56085075"]},{"raw_affiliation_string":"Institute of Computer Science, University of Tartu, Tartu, Estonia#TAB#","institution_ids":["https://openalex.org/I56085075"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5008412863"],"corresponding_institution_ids":["https://openalex.org/I56085075"],"apc_list":null,"apc_paid":null,"fwci":4.7369,"has_fulltext":false,"cited_by_count":52,"citation_normalized_percentile":{"value":0.94438802,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"4","issue":"4","first_page":"93","last_page":"113"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10703","display_name":"Business Process Modeling and Analysis","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10679","display_name":"Service-Oriented Architecture and Web Services","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/business-process-model-and-notation","display_name":"Business Process Model and Notation","score":0.8758016228675842},{"id":"https://openalex.org/keywords/business-process-modeling","display_name":"Business process modeling","score":0.7024463415145874},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6245366334915161},{"id":"https://openalex.org/keywords/business-process","display_name":"Business process","score":0.5449619889259338},{"id":"https://openalex.org/keywords/artifact-centric-business-process-model","display_name":"Artifact-centric business process model","score":0.5159514546394348},{"id":"https://openalex.org/keywords/business-process-management","display_name":"Business process management","score":0.4610196352005005},{"id":"https://openalex.org/keywords/business-rule","display_name":"Business rule","score":0.4508976936340332},{"id":"https://openalex.org/keywords/xpdl","display_name":"XPDL","score":0.4501684308052063},{"id":"https://openalex.org/keywords/process-modeling","display_name":"Process modeling","score":0.4346574544906616},{"id":"https://openalex.org/keywords/process-management","display_name":"Process management","score":0.43004798889160156},{"id":"https://openalex.org/keywords/knowledge-management","display_name":"Knowledge management","score":0.3569863438606262},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3432950973510742},{"id":"https://openalex.org/keywords/workflow","display_name":"Workflow","score":0.16602933406829834},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.16310670971870422},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.13571280241012573},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.1323840320110321},{"id":"https://openalex.org/keywords/work-in-process","display_name":"Work in process","score":0.12388172745704651},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.0675172209739685}],"concepts":[{"id":"https://openalex.org/C179299601","wikidata":"https://www.wikidata.org/wiki/Q1017605","display_name":"Business Process Model and Notation","level":5,"score":0.8758016228675842},{"id":"https://openalex.org/C207505557","wikidata":"https://www.wikidata.org/wiki/Q4374012","display_name":"Business process modeling","level":4,"score":0.7024463415145874},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6245366334915161},{"id":"https://openalex.org/C85345410","wikidata":"https://www.wikidata.org/wiki/Q851587","display_name":"Business process","level":3,"score":0.5449619889259338},{"id":"https://openalex.org/C162754035","wikidata":"https://www.wikidata.org/wiki/Q17006331","display_name":"Artifact-centric business process model","level":5,"score":0.5159514546394348},{"id":"https://openalex.org/C80309976","wikidata":"https://www.wikidata.org/wiki/Q7007379","display_name":"Business process management","level":4,"score":0.4610196352005005},{"id":"https://openalex.org/C11066294","wikidata":"https://www.wikidata.org/wiki/Q1518244","display_name":"Business rule","level":4,"score":0.4508976936340332},{"id":"https://openalex.org/C130536060","wikidata":"https://www.wikidata.org/wiki/Q592375","display_name":"XPDL","level":4,"score":0.4501684308052063},{"id":"https://openalex.org/C76956256","wikidata":"https://www.wikidata.org/wiki/Q27610560","display_name":"Process modeling","level":3,"score":0.4346574544906616},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.43004798889160156},{"id":"https://openalex.org/C56739046","wikidata":"https://www.wikidata.org/wiki/Q192060","display_name":"Knowledge management","level":1,"score":0.3569863438606262},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3432950973510742},{"id":"https://openalex.org/C177212765","wikidata":"https://www.wikidata.org/wiki/Q627335","display_name":"Workflow","level":2,"score":0.16602933406829834},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.16310670971870422},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.13571280241012573},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.1323840320110321},{"id":"https://openalex.org/C174998907","wikidata":"https://www.wikidata.org/wiki/Q357662","display_name":"Work in process","level":2,"score":0.12388172745704651},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.0675172209739685},{"id":"https://openalex.org/C188220564","wikidata":"https://www.wikidata.org/wiki/Q3325097","display_name":"Workflow engine","level":3,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.4018/ijismd.2013100105","is_oa":false,"landing_page_url":"https://doi.org/10.4018/ijismd.2013100105","pdf_url":null,"source":{"id":"https://openalex.org/S83337018","display_name":"International Journal of Information System Modeling and Design","issn_l":"1947-8186","issn":["1947-8186","1947-8194"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320424","host_organization_name":"IGI Global","host_organization_lineage":["https://openalex.org/P4310320424"],"host_organization_lineage_names":["IGI Global"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Journal of Information System Modeling and Design","raw_type":"journal-article"},{"id":"pmh:oai:RePEc:igg:jismd0:v:4:y:2013:i:4:p:93-113","is_oa":false,"landing_page_url":"https://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/ijismd.2013100105","pdf_url":null,"source":{"id":"https://openalex.org/S4306401271","display_name":"RePEc: Research Papers in Economics","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I77793887","host_organization_name":"Federal Reserve Bank of St. Louis","host_organization_lineage":["https://openalex.org/I77793887"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals","score":0.4099999964237213}],"awards":[],"funders":[{"id":"https://openalex.org/F4320321018","display_name":"Eesti Teadusfondi","ror":"https://ror.org/00jjeja18"},{"id":"https://openalex.org/F4320324717","display_name":"Tartu \u00dclikool","ror":"https://ror.org/03z77qz90"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":38,"referenced_works":["https://openalex.org/W14727781","https://openalex.org/W45591948","https://openalex.org/W108673951","https://openalex.org/W171045190","https://openalex.org/W818892910","https://openalex.org/W1504560879","https://openalex.org/W1616974471","https://openalex.org/W1843840945","https://openalex.org/W1873701880","https://openalex.org/W1995945562","https://openalex.org/W2041673544","https://openalex.org/W2076622132","https://openalex.org/W2083186005","https://openalex.org/W2091034495","https://openalex.org/W2098019984","https://openalex.org/W2103253321","https://openalex.org/W2104006659","https://openalex.org/W2110143060","https://openalex.org/W2113237548","https://openalex.org/W2116585427","https://openalex.org/W2122541722","https://openalex.org/W2131730994","https://openalex.org/W2146762449","https://openalex.org/W2150546866","https://openalex.org/W2165064701","https://openalex.org/W2169696634","https://openalex.org/W2185339795","https://openalex.org/W2203530339","https://openalex.org/W2265958466","https://openalex.org/W2292684251","https://openalex.org/W2369295637","https://openalex.org/W2501198234","https://openalex.org/W2622110426","https://openalex.org/W4205736829","https://openalex.org/W4243919793","https://openalex.org/W4244142475","https://openalex.org/W4293258406","https://openalex.org/W6600596909"],"related_works":["https://openalex.org/W93556318","https://openalex.org/W2150476276","https://openalex.org/W4300427051","https://openalex.org/W2097616329","https://openalex.org/W142537396","https://openalex.org/W2004965561","https://openalex.org/W2156946939","https://openalex.org/W2034761836","https://openalex.org/W2479849232","https://openalex.org/W2408087754"],"abstract_inverted_index":{"Business":[0],"process":[1,17],"modelling":[2,210],"is":[3,60],"one":[4],"of":[5,55,78,97,116],"the":[6,10,32,53,56,79,84,94,98,107,114,117,124,127,136,140,146,162,166,196,205,218],"major":[7],"aspects":[8],"in":[9,72],"modern":[11],"information":[12,81],"system":[13,176],"development.":[14],"Recently":[15],"business":[16,40,57,65,191,199],"model":[18,96,202,206],"and":[19,67,104,153,170,200,204],"notation":[20],"(BPMN)":[21],"has":[22],"become":[23],"a":[24,61,76],"standard":[25],"technique":[26],"to":[27,37,74,93,113,139,161,178,181,185,217],"support":[28,75],"this":[29,122],"activity.":[30],"Typically":[31],"BPMN":[33,90,128,137,148],"notations":[34],"are":[35,50,215],"used":[36],"understand":[38,179],"enterprise's":[39],"processes.":[41,58,192],"However,":[42],"limited":[43],"work":[44,86],"exists":[45],"regarding":[46,165],"how":[47,106,145,180],"security":[48,68,100,131,183,201],"concerns":[49],"addressed":[51],"during":[52],"management":[54,102,133],"This":[59],"problem,":[62],"since":[63],"both":[64,214],"processes":[66],"should":[69],"be":[70,111],"understood":[71],"parallel":[73],"development":[77],"secure":[80,186],"systems.":[82],"In":[83,121],"previous":[85],"we":[87],"have":[88],"analysed":[89],"with":[91],"respect":[92],"domain":[95,119,220],"IS":[99],"risk":[101,132,154],"(ISSRM)":[103],"showed":[105],"language":[108],"constructs":[109],"could":[110,149],"aligned":[112,216],"concepts":[115],"ISSRM":[118,141,219],"model.":[120],"paper":[123,194],"authors":[125],"propose":[126],"extensions":[129],"for":[130,198],"based":[134],"on":[135,156],"alignment":[138],"concepts.":[142],"We":[143],"illustrate":[144],"extended":[147],"express":[150],"assets,":[151],"risks":[152],"treatment":[155],"few":[157],"running":[158],"examples":[159],"related":[160],"Internet":[163],"store":[164],"asset":[167],"confidentiality,":[168],"integrity":[169],"availability.":[171],"Our":[172],"proposal":[173],"would":[174],"allow":[175],"analysts":[177],"develop":[182],"requirements":[184],"important":[187],"assets":[188],"defined":[189],"through":[190],"The":[193],"opens":[195],"possibility":[197],"interoperability":[203],"transformation":[207],"between":[208],"several":[209],"approaches":[211],"(if":[212],"these":[213],"model).":[221]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":6},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":9},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}