Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security

Cherdantseva, Yulia ORCID: 2014. Secure*BPMN - a graphical extension for BPMN 2.0 based on a reference model of information assurance & security. PhD Thesis, Cardiff University.
Item availability restricted.

[thumbnail of 2014cherdantsevayphd.pdf]
PDF - Accepted Post-Print Version
Available under License Creative Commons Attribution Non-commercial Share Alike.

Download (37MB) | Preview
[thumbnail of cherdantsevay.pdf] PDF - Supplemental Material
Restricted to Repository staff only

Download (5MB)


The main contribution of this thesis is Secure*BPMN, a graphical security modelling extension for the de-facto industry standard business process modelling language BPMN 2.0.1. Secure*BPMN enables a cognitively effective representation of security concerns in business process models. It facilitates the engagement of experts with different backgrounds, including non-security and nontechnical experts, in the discussion of security concerns and in security decision-making. The strength and novelty of Secure*BPMN lie in its comprehensive semantics based on a Reference Model of Information Assurance & Security (RMIAS) and in its cognitively effective syntax. The RMIAS, which was developed in this project, is a synthesis of the existing knowledge of the Information Assurance & Security domain. The RMIAS helps to build an agreed-upon understanding of Information Assurance & Security, which experts with different backgrounds require before they may proceed with the discussion of security issues. The development process of the RMIAS, which was made explicit, and the multiphase evaluation carried out confirmed the completeness and accuracy of the RMIAS, and its suitability as a foundation for the semantics of Secure*BPMN. The RMIAS, which has multiple implications for research, education and practice is a secondary contribution of this thesis, and is a contribution to the Information Assurance & Security domain in its own right. The syntax of Secure*BPMN complies with the BPMN extensibility rules and with the scientific principles of cognitively effective notation design. The analytical and empirical evaluations corroborated the ontological completeness, cognitive effectiveness, ease of use and usefulness of Secure*BPMN. It was verified that Secure*BPMN has a potential to be adopted in practice.

Item Type: Thesis (PhD)
Status: Unpublished
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Uncontrolled Keywords: Information Security, Information Assurance, Reference Model, Conceptual Model, Security Knowledge Representation, Reference Model Evaluation, Business Process Modelling Language, BPMN, Graphical Extension, BPMN Extension Evaluation
Date of First Compliant Deposit: 30 March 2016
Last Modified: 28 Oct 2022 09:24

Actions (repository staff only)

Edit Item Edit Item


Downloads per month over past year

View more statistics