{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T05:40:44Z","timestamp":1773207644566,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319258966","type":"print"},{"value":"9783319258973","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-25897-3_7","type":"book-chapter","created":{"date-parts":[[2015,10,27]],"date-time":"2015-10-27T19:20:38Z","timestamp":1445973638000},"page":"91-107","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Eliciting Security Requirements for Business Processes of Legacy Systems"],"prefix":"10.1007","author":[{"given":"Nikolaos","family":"Argyropoulos","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luis","family":"M\u00e1rquez Alca\u00f1iz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Andrew","family":"Fish","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David G.","family":"Rosado","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ignacio Garc\u00eda-Rodriguez","family":"de Guzm\u00e1n","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eduardo","family":"Fern\u00e1ndez-Medina","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,11,26]]},"reference":[{"key":"7_CR1","unstructured":"Wu, B., Lawless, D., Bisbal, J., Grimson, J., Wade, V., O\u2019Sullivan, D., Richardson, R.: Legacy system migration: a legacy data migration engine. In: 17th International Database Conference, pp. 129\u2013138 (1997)"},{"issue":"5","key":"7_CR2","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1109\/52.795108","volume":"16","author":"J Bisbal","year":"1999","unstructured":"Bisbal, J., Lawless, D., Wu, B., Grimson, J.: Legacy information systems: issues and directions. IEEE Softw. 16(5), 103\u2013111 (1999)","journal-title":"IEEE Softw."},{"key":"7_CR3","unstructured":"Bisbal, J., Lawless, D., Wu, B., Grimson, J., Wade, V., Richardson, R., Sullivan, D.O.: A Survey of Research into Legacy System Migration. Technical report (1997)"},{"key":"7_CR4","doi-asserted-by":"crossref","unstructured":"Cleve, A., Hainaut, J.L.: Dynamic analysis of SQL statements for data-intensive applications reverse engineering. In: 15th IEEE Working Conference on Reverse Engineering, pp. 192\u2013196. IEEE Computer Society (2008)","DOI":"10.1109\/WCRE.2008.38"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Bernardi, M.: Reverse engineering of aspect oriented systems to support their comprehension, evolution, testing and assessment. In: 12th IEEE European Conference on Software Maintenance and Reengineering, pp. 290\u2013293. IEEE Computer Society (2008)","DOI":"10.1109\/CSMR.2008.4493329"},{"issue":"10","key":"7_CR6","doi-asserted-by":"publisher","first-page":"1023","DOI":"10.1016\/j.infsof.2011.05.006","volume":"53","author":"R P\u00e9rez-Castillo","year":"2011","unstructured":"P\u00e9rez-Castillo, R., De Guzm\u00e1n, I.G.R., Piattini, M.: Business process archeology using MARBLE. Inf. Softw. Technol. 53(10), 1023\u20131044 (2011)","journal-title":"Inf. Softw. Technol."},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: 11th IEEE International Requirements Engineering Conference, pp. 151\u2013161. IEEE Computer Society (2003)","DOI":"10.1109\/ICRE.2003.1232746"},{"issue":"2","key":"7_CR8","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1016\/j.csi.2006.04.002","volume":"29","author":"D Mellado","year":"2007","unstructured":"Mellado, D., Fern\u00e1ndez-Medina, E., Piattini, M.: A common criteria based security requirements engineering process for the development of secure information systems. Comput. Stan. Interfaces 29(2), 244\u2013253 (2007)","journal-title":"Comput. Stan. Interfaces"},{"issue":"8","key":"7_CR9","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/859670.859675","volume":"46","author":"ME Whitman","year":"2003","unstructured":"Whitman, M.E.: Enemy at the gate: threats to information security. Commun. ACM 46(8), 91\u201395 (2003)","journal-title":"Commun. ACM"},{"issue":"3","key":"7_CR10","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1016\/j.infsof.2013.12.004","volume":"56","author":"M Leitner","year":"2014","unstructured":"Leitner, M., Rinderle-Ma, S.: A systematic review on security in process-aware information systems - constitution, challenges, and future directions. Inf. Softw. Technol. 56(3), 273\u2013293 (2014)","journal-title":"Inf. Softw. Technol."},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Neubauer, T., Klemen, M., Biffl, S.: Secure business process management: a roadmap. In: 1st IEEE International Conference on Availability, Reliability and Security, Vienna, Austria, pp. 457\u2013464. IEEE Computer Society (2006)","DOI":"10.1109\/ARES.2006.121"},{"key":"7_CR12","unstructured":"Pavlovski, C.J., Zou, J.: Non-functional requirements in business process modeling. In: 5th Asia-Pacific Conference on Conceptual Modelling, pp. 103\u2013112 (2008)"},{"issue":"3","key":"7_CR13","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1016\/j.dss.2011.01.018","volume":"51","author":"A Rodr\u00edguez","year":"2011","unstructured":"Rodr\u00edguez, A., Fern\u00e1ndez-Medina, E., Trujillo, J., Piattini, M.: Secure business process model specification through a UML 2.0 activity diagram profile. Decis. Support Syst. 51(3), 446\u2013465 (2011)","journal-title":"Decis. Support Syst."},{"key":"7_CR14","unstructured":"P\u00e9rez-Castillo, R., De Guzm\u00e1n, I.G.R., vila Garca, O., Piattini, M.: MARBLE: modernization approach for recovering business processes from legacy information systems. In: International Workshop on Reverse Engineering Models from Software Artifacts, pp. 17\u201320 (2009)"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"P\u00e9rez-Castillo, R., Fern\u00e1ndez-Ropero, M., De Guzm\u00e1n, I.G.R., Piattini, M.: MARBLE. A business process archeology tool. In: 27th IEEE International Conference on Software Maintenance, pp. 578\u2013581. IEEE Computer Society (2011)","DOI":"10.1109\/ICSM.2011.6080834"},{"issue":"5","key":"7_CR16","doi-asserted-by":"publisher","first-page":"744","DOI":"10.1108\/14637150910987937","volume":"15","author":"RK Ko","year":"2009","unstructured":"Ko, R.K., Lee, S.S., Lee, E.W.: Business process management (BPM) standards: a survey. Bus. Process Manage. 15(5), 744\u2013791 (2009)","journal-title":"Bus. Process Manage."},{"key":"7_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1007\/978-3-540-75183-0_18","volume-title":"Business Process Management","author":"A Lapouchnian","year":"2007","unstructured":"Lapouchnian, A., Yu, Y., Mylopoulos, J.: Requirements-driven design and configuration management of business processes. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 246\u2013261. Springer, Heidelberg (2007)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Horkoff, J., Li, T., Li, F.L., Salnitri, M., Cardoso, E., Giorgini, P., Mylopoulos, J., Pimentel, J.A.: Taking goal models downstream: a systematic roadmap. In: 8th IEEE International Conference on Research Challenges in Information Science, pp. 1\u201312. IEEE Computer Society (2014)","DOI":"10.1109\/RCIS.2014.6861036"},{"key":"7_CR19","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/11961239_3","volume-title":"Advances in Knowledge Acquisition and Management","author":"G Koliadis","year":"2006","unstructured":"Koliadis, G., Ghose, A.: Relating business process models to goal-oriented requirements models in KAOS. In: Hoffmann, A., Kang, B.-H., Richards, D., Tsumoto, S. (eds.) PKAW 2006. LNCS (LNAI), vol. 4303, pp. 25\u201339. Springer, Heidelberg (2006)"},{"key":"7_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"467","DOI":"10.1007\/978-3-642-25535-9_31","volume-title":"Service-Oriented Computing","author":"AK Ghose","year":"2011","unstructured":"Ghose, A.K., Narendra, N.C., Ponnalagu, K., Panda, A., Gohad, A.: Goal-driven business process derivation. In: Kappel, G., Maamar, Z., Motahari-Nezhad, H.R. (eds.) ICSOC 2011. LNCS, vol. 7084, pp. 467\u2013476. Springer, Heidelberg (2011)"},{"key":"7_CR21","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1016\/j.entcs.2004.05.005","volume":"105","author":"M Pistore","year":"2004","unstructured":"Pistore, M., Roveri, M., Busetta, P.: Requirements-driven verification of web services. Electron. Notes Theor. Comput. Sci. 105, 95\u2013108 (2004)","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"7_CR22","unstructured":"Guizzardi, R.S.S., Guizzardi, G., Almeida, J.P.A., Cardoso, E.: Bridging the gap between goals, agents and business processes. In: 4th International i* Workshop, pp. 46\u201351. CEUR (2010)"},{"key":"7_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-540-75563-0_8","volume-title":"Conceptual Modeling - ER 2007","author":"A Lo","year":"2007","unstructured":"Lo, A., Yu, E.: From business models to service-oriented design: a reference catalog approach. In: Parent, C., Schewe, K.-D., Storey, V.C., Thalheim, B. (eds.) ER 2007. LNCS, vol. 4801, pp. 87\u2013101. Springer, Heidelberg (2007)"},{"key":"7_CR24","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"29","DOI":"10.1007\/978-3-642-17722-4_3","volume-title":"Information Systems Evolution","author":"K Decreus","year":"2011","unstructured":"Decreus, K., Poels, G.: A goal-oriented requirements engineering method for business processes. In: Soffer, P., Proper, E. (eds.) CAiSE Forum 2010. LNBIP, vol. 72, pp. 29\u201343. Springer, Heidelberg (2011)"},{"key":"7_CR25","doi-asserted-by":"publisher","first-page":"330","DOI":"10.1016\/j.is.2015.03.007","volume":"53","author":"M Ruiz","year":"2015","unstructured":"Ruiz, M., Costal, D., Espa\u00f1a, S., Franch, X., Pastor, O.: GoBIS: an integrated framework to analyse the goal and business process perspectives in information systems. Inf. Syst. 53, 330\u2013345 (2015)","journal-title":"Inf. Syst."},{"key":"7_CR26","doi-asserted-by":"crossref","unstructured":"S\u00e9guran, M., H\u00e9bert, C., Frankova, G.: Secure workflow development from early requirements analysis. In: 6th IEEE European Conference on Web Services, pp. 125\u2013134. IEEE Computer Society (2008)","DOI":"10.1109\/ECOWS.2008.13"},{"key":"7_CR27","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-642-29231-6_7","volume-title":"Workshops on Business Informatics Research","author":"E Paja","year":"2012","unstructured":"Paja, E., Giorgini, P., Paul, S., Meland, P.H.: Security requirements engineering for secure business processes. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 77\u201389. Springer, Heidelberg (2012)"},{"key":"7_CR28","unstructured":"Salnitri, M., Giorgini, P.: Transforming socio-technical security requirements in SecBPMN security policies. In: 7th International i* Workshop. CEUR (2014)"},{"key":"7_CR29","unstructured":"ISO\/IEC 19506: Information technology - Object Management Group Architecture-Driven Modernization (ADM) - Knowledge Discovery Meta-Model (KDM). Technical report (2012)"},{"issue":"6","key":"7_CR30","doi-asserted-by":"publisher","first-page":"1370","DOI":"10.1016\/j.jss.2012.01.022","volume":"85","author":"R P\u00e9rez-Castillo","year":"2012","unstructured":"P\u00e9rez-Castillo, R., Cruz-Lemus, J.A., De Guzm\u00e1n, I.G.R., Piattini, M.: A family of case studies on business process mining using MARBLE. J. Syst. Softw. 85(6), 1370\u20131385 (2012)","journal-title":"J. Syst. Softw."},{"key":"7_CR31","unstructured":"Object Management Group: Business Process Model and Notation (BPMN) Version 2.0. Technical report (2011)"},{"key":"7_CR32","unstructured":"Fern\u00e1ndez-Ropero, M., P\u00e9rez-Castillo, R., Piattini, M.: Graph-based business process model refactoring. In: 3rd International Symposium on Data-driven Process Discovery and Analysis, pp. 16\u201330. CEUR (2013)"},{"key":"7_CR33","doi-asserted-by":"crossref","unstructured":"Fern\u00e1ndez-Ropero, M., P\u00e9rez-Castillo, R., Cruz-Lemus, J.A., Piattini, M.: Assessing the best-order for business process model refactoring. In: 28th Annual ACM Symposium on Applied Computing, pp. 1397\u20131402. ACM (2013)","DOI":"10.1145\/2480362.2480625"},{"issue":"02","key":"7_CR34","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1142\/S0218194007003240","volume":"17","author":"H Mouratidis","year":"2007","unstructured":"Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285\u2013309 (2007)","journal-title":"Int. J. Softw. Eng. Knowl. Eng."},{"key":"7_CR35","doi-asserted-by":"publisher","first-page":"813","DOI":"10.1002\/int.20432","volume":"25","author":"H Mouratidis","year":"2010","unstructured":"Mouratidis, H., Jurjens, J.: From goal-driven security requirements engineering to secure design. Int. J. Intell. Syst. 25, 813\u2013840 (2010)","journal-title":"Int. J. Intell. Syst."},{"key":"7_CR36","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1007\/978-3-642-29749-6_7","volume-title":"IS Olympics: Information Systems in a Diverse World","author":"M Pavlidis","year":"2012","unstructured":"Pavlidis, M., Islam, S., Mouratidis, H.: A CASE tool to support automated modelling and analysis of security requirements, based on secure tropos. In: Nurcan, S. (ed.) CAiSE Forum 2011. LNBIP, vol. 107, pp. 95\u2013109. Springer, Heidelberg (2012)"},{"key":"7_CR37","series-title":"Lecture Notes in Business Information Processing","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1007\/978-3-319-19243-7_46","volume-title":"Advanced Information Systems Engineering Workshops","author":"L M\u00e1rquez","year":"2015","unstructured":"M\u00e1rquez, L., Rosado, D.G., Mouratidis, H., Mellado, D., Fern\u00e1ndez-Medina, E.: A framework for secure migration processes of legacy systems to the cloud. In: Persson, A., Stirna, J. (eds.) CAiSE 2015 Workshops. LNBIP, vol. 215, pp. 507\u2013517. Springer, Heidelberg (2015)"},{"key":"7_CR38","doi-asserted-by":"crossref","unstructured":"Shei, S., M\u00e1rquez Alca\u00f1iz, L., Mouratidis, H., Delaney, A., Rosado, D.G., Fern\u00e1ndez-Medina, E.: Modelling secure cloud systems based on system requirements. In: 2nd Evolving Security & Privacy Requirements Engineering Workshop: Co-located with the 23rd IEEE International Requirements Engineering Conference, pp. 19\u201324 (2015)","DOI":"10.1109\/ESPRE.2015.7330163"}],"container-title":["Lecture Notes in Business Information Processing","The Practice of Enterprise Modeling"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-25897-3_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,31]],"date-time":"2025-05-31T05:18:46Z","timestamp":1748668726000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-25897-3_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319258966","9783319258973"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-25897-3_7","relation":{},"ISSN":["1865-1348","1865-1356"],"issn-type":[{"value":"1865-1348","type":"print"},{"value":"1865-1356","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"26 November 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}