{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:40:03Z","timestamp":1750502403792,"version":"3.41.0"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T00:00:00Z","timestamp":1747353600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T00:00:00Z","timestamp":1747353600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Athens University of Economics & Business"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,6]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>Business Impact Analysis (BIA) evaluates how cyberattacks affect essential business processes and IT assets. Traditionally conducted through manual interviews by consultants, this approach is often inefficient and prone to errors and omissions. In this paper, we present an automated methodology leveraging process mining to assess the impact of cybersecurity incidents on business processes. This methodology extracts event logs from information systems to construct business dependency graphs, quantify impact propagation across them, and integrate cybersecurity risk inputs from security officers. Tested on procurement workflows for an international transportation company, and compared with established baselines as well as the insight and knowledge of the company itself, our methodology proved to be effective at identifying risks stemming from a cybersecurity incident without significant labor, as well as uncovering high-risk paths that weren\u2019t yet identified, resulting in actionable insights. This is an extended and revised version of this methodology, evaluated with an extensive case study encompassing a company\u2019s BIA, historical data and expert opinion, first presented in Raptaki (IEEE Access 12: 194322\u2013194339, 2024).<\/jats:p>","DOI":"10.1007\/s10207-025-01040-0","type":"journal-article","created":{"date-parts":[[2025,5,16]],"date-time":"2025-05-16T10:11:57Z","timestamp":1747390317000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Automated cybersecurity impact propagation across business processes using process mining techniques"],"prefix":"10.1007","volume":"24","author":[{"given":"Melina","family":"Raptaki","sequence":"first","affiliation":[]},{"given":"George","family":"Stergiopoulos","sequence":"additional","affiliation":[]},{"given":"Dimitris","family":"Gritzalis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,5,16]]},"reference":[{"key":"1040_CR1","doi-asserted-by":"publisher","first-page":"194322","DOI":"10.1109\/ACCESS.2024.3520420","volume":"12","author":"M Raptaki","year":"2024","unstructured":"Raptaki, M., Stergiopoulos, G., Gritzalis, D.: Automated event log analysis with causal dependency graphs for impact assessment of business processes. IEEE Access 12, 194322\u2013194339 (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3520420","journal-title":"IEEE Access"},{"key":"1040_CR2","unstructured":"ISO\/TS 22317:2021, Security and resilience \u2014 business continuity management systems \u2014 guidelines for business impact analysis, 2021"},{"key":"1040_CR3","doi-asserted-by":"publisher","unstructured":"NIST SP, Managing information security risk: organization, mission, and information system view. National Institute of Standards and Technology, Gaithersburg, MD, NIST SP 800\u201339, 2011. https:\/\/doi.org\/10.6028\/NIST.SP.800-39","DOI":"10.6028\/NIST.SP.800-39"},{"key":"1040_CR4","doi-asserted-by":"publisher","unstructured":"Syalim, A., Hori, Y., Sakurai, K.: Comparison of risk analysis methods: mehari, magerit, NIST800\u201330 and microsoft\u2019s security management guide. In 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan: IEEE, 2009, pp. 726\u2013731. https:\/\/doi.org\/10.1109\/ARES.2009.75","DOI":"10.1109\/ARES.2009.75"},{"issue":"8","key":"1040_CR5","doi-asserted-by":"publisher","first-page":"2941","DOI":"10.1080\/00207543.2018.1444806","volume":"56","author":"LD Xu","year":"2018","unstructured":"Xu, L.D., Xu, E.L., Li, L.: Industry 4.0: state of the art and future trends. Int. J. Prod. Res. 56(8), 2941\u20132962 (2018). https:\/\/doi.org\/10.1080\/00207543.2018.1444806","journal-title":"Int. J. Prod. Res."},{"key":"1040_CR6","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1016\/j.future.2014.09.005","volume":"46","author":"S Schulte","year":"2015","unstructured":"Schulte, S., Janiesch, C., Venugopal, S., Weber, I., Hoenisch, P.: Elastic business process management: state of the art and open challenges for BPM in the cloud. Future Gener. Comput. Syst. 46, 36\u201350 (2015). https:\/\/doi.org\/10.1016\/j.future.2014.09.005","journal-title":"Future Gener. Comput. Syst."},{"issue":"4","key":"1040_CR7","doi-asserted-by":"publisher","first-page":"349","DOI":"10.31803\/tg-20181008155243","volume":"13","author":"J Tupa","year":"2019","unstructured":"Tupa, J., Steiner, F.: Industry 4.0 and business process management. Teh. Glas. 13(4), 349\u2013355 (2019). https:\/\/doi.org\/10.31803\/tg-20181008155243","journal-title":"Teh. Glas."},{"key":"1040_CR8","doi-asserted-by":"publisher","unstructured":"Van Der Aalst, W.: Process Mining. Berlin, Heidelberg: Springer Berlin Heidelberg, 2016. https:\/\/doi.org\/10.1007\/978-3-662-49851-4","DOI":"10.1007\/978-3-662-49851-4"},{"issue":"4","key":"1040_CR9","doi-asserted-by":"publisher","first-page":"464","DOI":"10.1016\/j.compind.2013.02.001","volume":"64","author":"F Caron","year":"2013","unstructured":"Caron, F., Vanthienen, J., Baesens, B.: A comprehensive investigation of the applicability of process mining techniques for enterprise risk management. Comput. Ind. 64(4), 464\u2013475 (2013). https:\/\/doi.org\/10.1016\/j.compind.2013.02.001","journal-title":"Comput. Ind."},{"key":"1040_CR10","doi-asserted-by":"publisher","first-page":"145","DOI":"10.24989\/ocg.v325.13","volume":"325","author":"R Kelemen","year":"2018","unstructured":"Kelemen, R.: Systematic review on process mining and security. Cent. East. Eur. EDem EGov Days 325, 145\u2013164 (2018). https:\/\/doi.org\/10.24989\/ocg.v325.13","journal-title":"Cent. East. Eur. EDem EGov Days"},{"key":"1040_CR11","doi-asserted-by":"publisher","unstructured":"Suriadi, S., et al.: Current research in risk-aware business process management\u2015overview, comparison, and gap analysis. Commun. Assoc. Inf. Syst., 34, (2014). https:\/\/doi.org\/10.17705\/1CAIS.03452","DOI":"10.17705\/1CAIS.03452"},{"key":"1040_CR12","doi-asserted-by":"publisher","unstructured":"Tjoa, S., Jakoubi, S., Quirchmayr, G.: Enhancing business impact analysis and risk assessment applying a risk-aware business process modeling and simulation methodology. In 2008 third international conference on availability, reliability and security, IEEE, pp. 179\u2013186 (2008). https:\/\/doi.org\/10.1109\/ARES.2008.206","DOI":"10.1109\/ARES.2008.206"},{"issue":"3","key":"1040_CR13","doi-asserted-by":"publisher","first-page":"1357","DOI":"10.1016\/j.dss.2012.12.012","volume":"54","author":"F Caron","year":"2013","unstructured":"Caron, F., Vanthienen, J., Baesens, B.: Comprehensive rule-based compliance checking and risk management with process mining. Decis. Support. Syst. 54(3), 1357\u20131369 (2013). https:\/\/doi.org\/10.1016\/j.dss.2012.12.012","journal-title":"Decis. Support. Syst."},{"key":"1040_CR14","doi-asserted-by":"publisher","unstructured":"Dedousis, P., Raptaki, M., Stergiopoulos, G., Gritzalis, D.: Towards an automated business process model risk assessment: a process mining approach. In: Proceedings of the 19th international conference on security and cryptography, Lisbon, Portugal: SCITEPRESS - Science and Technology Publications, pp. 35\u201346 (2022). https:\/\/doi.org\/10.5220\/0011135600003283","DOI":"10.5220\/0011135600003283"},{"key":"1040_CR15","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.IR.8286","author":"K Stine","year":"2020","unstructured":"Stine, K., Quinn, S., Witte, G., Gardner, R.K.: Integrating cybersecurity and enterprise risk management (ERM). Natl Inst Stand Technol (2020). https:\/\/doi.org\/10.6028\/NIST.IR.8286","journal-title":"Natl Inst Stand Technol"},{"key":"1040_CR16","doi-asserted-by":"publisher","unstructured":"Quinn, S., et al.: Using business impact analysis to inform risk prioritization and response. National institute of standards and technology (U.S.), Gaithersburg, MD, NIST IR 8286D, (2022). https:\/\/doi.org\/10.6028\/NIST.IR.8286D","DOI":"10.6028\/NIST.IR.8286D"},{"key":"1040_CR17","doi-asserted-by":"publisher","unstructured":"Burton, S. L., Protection via business impact analysis in a cyber world: A 3-part series. In 17th international conference on information technology\u2013new generations (ITNG 2020), vol. 1134, S. Latifi, Ed., in Advances in Intelligent Systems and Computing, vol 1134, pp 3\u20138, Cham, Springer International Publishing (2020). https:\/\/doi.org\/10.1007\/978-3-030-43020-7_1","DOI":"10.1007\/978-3-030-43020-7_1"},{"key":"1040_CR18","doi-asserted-by":"publisher","DOI":"10.19044\/esj.2020.v16n4p1","author":"A Strelicz","year":"2020","unstructured":"Strelicz, A., Bogn\u00e1r, F.: Integrated risk and business impact analysis: a kind of support for ISO 22301. Eur. Sci. J. ESJ (2020). https:\/\/doi.org\/10.19044\/esj.2020.v16n4p1","journal-title":"Eur. Sci. J. ESJ"},{"key":"1040_CR19","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1016\/j.ssci.2014.04.017","volume":"68","author":"SA Torabi","year":"2014","unstructured":"Torabi, S.A., Rezaei Soufi, H., Sahebjamnia, N.: A new framework for business impact analysis in business continuity management (with a case study). Saf. Sci. 68, 309\u2013323 (2014). https:\/\/doi.org\/10.1016\/j.ssci.2014.04.017","journal-title":"Saf. Sci."},{"issue":"1\u20132","key":"1040_CR20","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1504\/IJCIS.2013.051606","volume":"9","author":"P Kotzanikolaou","year":"2013","unstructured":"Kotzanikolaou, P., Theoharidou, M., Gritzalis, D.: Assessing n-order dependencies between critical infrastructures. Int. J. Crit. Infrastruct. 9(1\u20132), 93\u2013110 (2013)","journal-title":"Int. J. Crit. Infrastruct."},{"issue":"2\/3","key":"1040_CR21","doi-asserted-by":"publisher","first-page":"184","DOI":"10.1504\/IJCIS.2017.088231","volume":"13","author":"G Stergiopoulos","year":"2017","unstructured":"Stergiopoulos, G., Kouktzoglou, V., Theocharidou, M., Gritzalis, D.: A process-based dependency risk analysis methodology for critical infrastructures. Int. J. Crit. Infrastruct. 13(2\/3), 184 (2017). https:\/\/doi.org\/10.1504\/IJCIS.2017.088231","journal-title":"Int. J. Crit. Infrastruct."},{"key":"1040_CR22","doi-asserted-by":"publisher","unstructured":"Al-Essa, H. A., Al-Sharidah, A. H.: An approach to automate business impact analysis. In: 2018 IEEE international systems engineering symposium (ISSE), Rome: IEEE, 2018, pp 1\u20133. https:\/\/doi.org\/10.1109\/SysEng.2018.8544438","DOI":"10.1109\/SysEng.2018.8544438"},{"issue":"3","key":"1040_CR23","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1080\/19393555.2010.551274","volume":"20","author":"P Sikdar","year":"2011","unstructured":"Sikdar, P.: Alternate approaches to business impact analysis. Inf. Secur. J. Glob. Perspect. 20(3), 128\u2013134 (2011). https:\/\/doi.org\/10.1080\/19393555.2010.551274","journal-title":"Inf. Secur. J. Glob. Perspect."},{"key":"1040_CR24","doi-asserted-by":"publisher","unstructured":"Bartolini, C., Stefanelli, C., Tortonesi, M. Business-impact analysis and simulation of critical incidents in IT service management. In: 2009 IFIP\/IEEE international symposium on integrated network management, New York, NY, USA: IEEE, pp. 9\u201316 (2009). https:\/\/doi.org\/10.1109\/INM.2009.5188781","DOI":"10.1109\/INM.2009.5188781"},{"issue":"1","key":"1040_CR25","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/s00450-013-0247-3","volume":"30","author":"S Radesch\u00fctz","year":"2015","unstructured":"Radesch\u00fctz, S., Schwarz, H., Niedermann, F.: Business impact analysis\u2014a framework for a comprehensive analysis and optimization of business processes. Comput. Sci. - Res. Dev. 30(1), 69\u201386 (2015). https:\/\/doi.org\/10.1007\/s00450-013-0247-3","journal-title":"Comput. Sci. - Res. Dev."},{"issue":"1","key":"1040_CR26","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/TNSM.2010.I9P0305","volume":"7","author":"T Setzer","year":"2010","unstructured":"Setzer, T., Bhattacharya, K., Ludwig, H.: Change scheduling based on business impact analysis of change-related risk. IEEE Trans. Netw. Serv. Manag. 7(1), 58\u201371 (2010). https:\/\/doi.org\/10.1109\/TNSM.2010.I9P0305","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"issue":"1","key":"1040_CR27","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s10207-020-00533-4","volume":"21","author":"G Stergiopoulos","year":"2022","unstructured":"Stergiopoulos, G., Dedousis, P., Gritzalis, D.: Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in Industry 4.0. Int. J. Inf. Secur. 21(1), 37\u201359 (2022). https:\/\/doi.org\/10.1007\/s10207-020-00533-4","journal-title":"Int. J. Inf. Secur."},{"key":"1040_CR28","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-023-00731-w","author":"K Adamos","year":"2023","unstructured":"Adamos, K., Stergiopoulos, G., Karamousadakis, M., Gritzalis, D.: Enhancing attack resilience of cyber-physical systems through state dependency graph models. Int. J. Inf. Secur. (2023). https:\/\/doi.org\/10.1007\/s10207-023-00731-w","journal-title":"Int. J. Inf. Secur."},{"issue":"1","key":"1040_CR29","doi-asserted-by":"publisher","first-page":"1219","DOI":"10.1038\/srep01219","volume":"3","author":"X Huang","year":"2013","unstructured":"Huang, X., Vodenska, I., Havlin, S., Stanley, H.E.: Cascading failures in bi-partite graphs: model for systemic risk propagation. Sci. Rep. 3(1), 1219 (2013). https:\/\/doi.org\/10.1038\/srep01219","journal-title":"Sci. Rep."},{"key":"1040_CR30","doi-asserted-by":"publisher","first-page":"223234","DOI":"10.1109\/ACCESS.2020.3045340","volume":"8","author":"G Lykou","year":"2020","unstructured":"Lykou, G., Dedousis, P., Stergiopoulos, G., Gritzalis, D.: Assessing interdependencies and congestion delays in the aviation network. IEEE Access 8, 223234\u2013223254 (2020). https:\/\/doi.org\/10.1109\/ACCESS.2020.3045340","journal-title":"IEEE Access"},{"issue":"25","key":"1040_CR31","doi-asserted-by":"publisher","first-page":"169912","DOI":"10.4108\/eai.11-5-2021.169912","volume":"7","author":"V Trieu-Do","year":"2021","unstructured":"Trieu-Do, V., Garcia-Lebron, R., Xu, M., Xu, S., Feng, Y.: Characterizing and leveraging granger causality in cybersecurity: framework and case study. ICST Trans. Secur. Saf. 7(25), 169912 (2021). https:\/\/doi.org\/10.4108\/eai.11-5-2021.169912","journal-title":"ICST Trans. Secur. Saf."},{"key":"1040_CR32","doi-asserted-by":"publisher","unstructured":"Maiti, R. R., Adepu, S., Lupu, E.: ICCPS: impact discovery using causal inference for cyber attacks in CPSs. 2023. arXiv. https:\/\/doi.org\/10.48550\/ARXIV.2307.14161","DOI":"10.48550\/ARXIV.2307.14161"},{"key":"1040_CR33","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1016\/j.cose.2018.06.002","volume":"78","author":"D Myers","year":"2018","unstructured":"Myers, D., Suriadi, S., Radke, K., Foo, E.: Anomaly detection for industrial control systems using process mining. Comput. Secur. 78, 103\u2013125 (2018). https:\/\/doi.org\/10.1016\/j.cose.2018.06.002","journal-title":"Comput. Secur."},{"key":"1040_CR34","volume-title":"New York","author":"ICT systems security and privacy protection","year":"2017","unstructured":"ICT systems security and privacy protection: New York. Springer, Berlin Heidelberg, NY (2017)"},{"key":"1040_CR35","doi-asserted-by":"publisher","DOI":"10.14569\/IJACSA.2024.0150266","author":"TN Gongada","year":"2024","unstructured":"Gongada, T.N., et al.: Leveraging machine learning for enhanced cyber attack detection and defence in big data management and process mining. Int. J. Adv. Comput. Sci. Appl. (2024). https:\/\/doi.org\/10.14569\/IJACSA.2024.0150266","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"1040_CR36","doi-asserted-by":"publisher","unstructured":"Macak, M., Vanat, I., Merjavy, M., Jevocin, T., Buhnova, B.: Towards process mining utilization in insider threat detection from audit logs. In: 2020 seventh international conference on social networks analysis, management and security (SNAMS), Paris, France: IEEE, pp. 1\u20136. (2020). https:\/\/doi.org\/10.1109\/SNAMS52053.2020.9336573","DOI":"10.1109\/SNAMS52053.2020.9336573"},{"key":"1040_CR37","doi-asserted-by":"publisher","unstructured":"Turner, R. C.: Process mining for asymmetric cybersecurity audit. In: 2022 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece: IEEE, pp. 293\u2013298. (2022). https:\/\/doi.org\/10.1109\/CSR54599.2022.9850298","DOI":"10.1109\/CSR54599.2022.9850298"},{"key":"1040_CR38","doi-asserted-by":"publisher","unstructured":"Khan, M. A., Pradhan, S. K., Fatima, H. Applying data mining techniques in cyber crimes. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), Abha, Saudi Arabia: IEEE, pp. 213\u2013216. (2017). https:\/\/doi.org\/10.1109\/Anti-Cybercrime.2017.7905293","DOI":"10.1109\/Anti-Cybercrime.2017.7905293"},{"key":"1040_CR39","doi-asserted-by":"publisher","unstructured":"Macak, M., Oslejsek, R., Buhnova, B.: Applying process discovery to cybersecurity training: an experience report. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy: IEEE, pp. 394\u2013402. (2022). https:\/\/doi.org\/10.1109\/EuroSPW55150.2022.00047","DOI":"10.1109\/EuroSPW55150.2022.00047"},{"key":"1040_CR40","doi-asserted-by":"publisher","unstructured":"Hemmer, A., Badonnel, R., Chrisment, I.: A process mining approach for supporting IoT predictive security. In: NOMS 2020\u20132020 IEEE\/IFIP Network Operations and Management Symposium, Budapest, Hungary: IEEE, pp. 1\u20139. (2020). https:\/\/doi.org\/10.1109\/NOMS47738.2020.9110411","DOI":"10.1109\/NOMS47738.2020.9110411"},{"key":"1040_CR41","doi-asserted-by":"publisher","unstructured":"Pery, A., Rafiei, M., Simon, M., Van Der Aalst, W. M. P.: Trustworthy artificial intelligence and process mining: challenges and opportunities. In: Process Mining Workshops, vol. 433, J. Munoz-Gama and X. Lu, Eds., in Lecture Notes in Business Information Processing, vol. 433, Cham: Springer International Publishing, pp. 395\u2013407. (2022). https:\/\/doi.org\/10.1007\/978-3-030-98581-3_29","DOI":"10.1007\/978-3-030-98581-3_29"},{"issue":"9","key":"1040_CR42","doi-asserted-by":"publisher","first-page":"1128","DOI":"10.1109\/TKDE.2004.47","volume":"16","author":"W Van Der Aalst","year":"2004","unstructured":"Van Der Aalst, W., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128\u20131142 (2004). https:\/\/doi.org\/10.1109\/TKDE.2004.47","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"1040_CR43","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1016\/j.ieri.2014.03.008","volume":"6","author":"C Giuseppe","year":"2014","unstructured":"Giuseppe, C., Valerio, M., Teresa, M., Carmela, S.L.: A simulation approach in process mining conformance analysis. The introduction of a brand new BPMN element. IERI Procedia 6, 45\u201351 (2014). https:\/\/doi.org\/10.1016\/j.ieri.2014.03.008","journal-title":"IERI Procedia"},{"issue":"4","key":"1040_CR44","doi-asserted-by":"publisher","first-page":"93","DOI":"10.4018\/ijismd.2013100105","volume":"4","author":"O Altuhhov","year":"2013","unstructured":"Altuhhov, O., Matulevi\u010dius, R., Ahmed, N.: An extension of business process model and notation for security risk management. Int. J. Inf. Syst. Model. Des. 4(4), 93\u2013113 (2013). https:\/\/doi.org\/10.4018\/ijismd.2013100105","journal-title":"Int. J. Inf. Syst. Model. Des."},{"key":"1040_CR45","doi-asserted-by":"publisher","first-page":"1247","DOI":"10.1016\/j.procs.2021.01.324","volume":"181","author":"P Cardoso","year":"2021","unstructured":"Cardoso, P., Resp\u00edcio, A., Domingos, D.: riskaBPMN - a BPMN extension for risk assessment. Procedia Comput. Sci. 181, 1247\u20131254 (2021). https:\/\/doi.org\/10.1016\/j.procs.2021.01.324","journal-title":"Procedia Comput. Sci."},{"key":"1040_CR46","doi-asserted-by":"publisher","unstructured":"Marcinkowski, B., Kuciapski, M.: A business process modeling notation extension for risk handling. In: Computer Information Systems and Industrial Management, A. Cortesi, N. Chaki, K. Saeed, and S. Wierzcho\u0144, Eds., in Lecture Notes in Computer Science, vol. 7564, pp. 374\u2013381. Berlin, Heidelberg: Springer Berlin Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-33260-9_32","DOI":"10.1007\/978-3-642-33260-9_32"},{"key":"1040_CR47","doi-asserted-by":"publisher","unstructured":"Meland, P. H., Gjaere, E. A.: Representing threats in BPMN 2.0. In: 2012 Seventh International Conference on Availability, Reliability and Security, Prague, TBD, Czech Republic: IEEE, pp. 542\u2013550. (2012). https:\/\/doi.org\/10.1109\/ARES.2012.13","DOI":"10.1109\/ARES.2012.13"},{"key":"1040_CR48","unstructured":"Fang, P., et al.: Back-propagating system dependency impact for attack investigation. In: Proceedings of the 31th USENIX Security Symposium, pp. 2461\u20132478. Boston, USA: USENIX Association (2022)"},{"key":"1040_CR49","doi-asserted-by":"publisher","unstructured":"Van Dongen, B. F., De Medeiros, A. K. A., Verbeek, H. M. W., Weijters, A. J. M. M., Van Der Aalst, W. M. P.: The ProM framework: a new era in process mining tool support. In Applications and Theory of Petri Nets 2005, G. Ciardo and P. Darondeau, Eds., In: Lecture Notes in Computer Science, vol. 3536, pp. 444\u2013454. Berlin, Heidelberg: Springer Berlin Heidelberg (2005). https:\/\/doi.org\/10.1007\/11494744_25","DOI":"10.1007\/11494744_25"},{"key":"1040_CR50","unstructured":"IEEE. IEEE 1849\u20132016 XES Standard. XES. [Online]. Available: https:\/\/xes-standard.org"},{"issue":"3","key":"1040_CR51","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1016\/j.compind.2003.10.001","volume":"53","author":"WMP Van Der Aalst","year":"2004","unstructured":"Van Der Aalst, W.M.P., Weijters, A.J.M.M.: Process mining: a research agenda. Comput. Ind. 53(3), 231\u2013244 (2004). https:\/\/doi.org\/10.1016\/j.compind.2003.10.001","journal-title":"Comput. Ind."},{"issue":"8","key":"1040_CR52","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1145\/2240236.2240257","volume":"55","author":"W Van Der Aalst","year":"2012","unstructured":"Van Der Aalst, W.: Process mining. Commun. ACM 55(8), 76\u201383 (2012). https:\/\/doi.org\/10.1145\/2240236.2240257","journal-title":"Commun. ACM"},{"key":"1040_CR53","doi-asserted-by":"publisher","unstructured":"Van Dongen, B. F., Alves De Medeiros, A. K., Wen, L.: Process mining: overview and outlook of petri net discovery algorithms. In Transactions on Petri Nets and Other Models of Concurrency II, K. Jensen and W. M. P. Van Der Aalst, Eds., in Lecture Notes in Computer Science, vol. 5460, pp. 225\u2013242. Berlin, Heidelberg: Springer Berlin Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-00899-3_13","DOI":"10.1007\/978-3-642-00899-3_13"},{"key":"1040_CR54","unstructured":"Gunther, C. W., Verbeek, H. M. W.: XES - standard definition. BPMcenter. org, Vol. 1409"},{"key":"1040_CR55","doi-asserted-by":"publisher","unstructured":"Verbeek, H. M. W., Buijs, J. C. A. M., Van Dongen, B. F., Van Der Aalst, W. M. P.: XES, XESame, and ProM 6. In: Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications, E. Bayro-Corrochano and E. Hancock, Eds., in Lecture Notes in Computer Science, vol. 8827, pp. 60\u201375. Cham: Springer International Publishing (2011). https:\/\/doi.org\/10.1007\/978-3-642-17722-4_5","DOI":"10.1007\/978-3-642-17722-4_5"},{"key":"1040_CR56","unstructured":"Verbeek, H. M. W., Buijs, J. C. A. M., Dongen, van, B. F., Aalst, van der, W. M. P.: ProM 6\u202f: the process mining toolkit. In Proceedings of the Business Process Management 2010 Demonstration Track (Hoboken NJ, USA, September 14\u201316, 2010), in CEUR Workshop Proceedings. CEUR-WS.org, pp. 34\u201339 (2010)"},{"key":"1040_CR57","doi-asserted-by":"publisher","unstructured":"G\u00fcnther, C. W., Van Der Aalst, W. M. P.: A generic import framework for process event logs. In: Business Process Management Workshops, J. Eder and S. Dustdar, Eds., In Lecture Notes in Computer Science, vol. 4103, pp. 81\u201392. Berlin, Heidelberg: Springer Berlin Heidelberg (2006). https:\/\/doi.org\/10.1007\/11837862_10","DOI":"10.1007\/11837862_10"},{"issue":"11","key":"1040_CR58","doi-asserted-by":"publisher","first-page":"1649","DOI":"10.1093\/comjnl\/bxx040","volume":"60","author":"HMW Verbeek","year":"2017","unstructured":"Verbeek, H.M.W., Van der Aalst, W.M.P., Munoz-Gama, J.: Divide and conquer: a tool framework for supporting decomposed discovery in process mining. Comput. J. 60(11), 1649\u20131674 (2017). https:\/\/doi.org\/10.1093\/comjnl\/bxx040","journal-title":"Comput. J."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01040-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01040-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01040-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T10:11:54Z","timestamp":1750500714000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01040-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,5,16]]},"references-count":58,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2025,6]]}},"alternative-id":["1040"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01040-0","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2025,5,16]]},"assertion":[{"value":"14 April 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 May 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"129"}}