{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:32:20Z","timestamp":1762003940597},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2006,10,1]],"date-time":"2006-10-01T00:00:00Z","timestamp":1159660800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electron Commerce Res"],"published-print":{"date-parts":[[2006,10]]},"DOI":"10.1007\/s10660-006-8677-7","type":"journal-article","created":{"date-parts":[[2006,9,28]],"date-time":"2006-09-28T02:29:49Z","timestamp":1159410589000},"page":"305-335","source":"Crossref","is-referenced-by-count":50,"title":["Security requirement analysis of business processes"],"prefix":"10.1007","volume":"6","author":[{"given":"Peter","family":"Herrmann","sequence":"first","affiliation":[]},{"given":"Gaby","family":"Herrmann","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"8677_CR1","unstructured":"Atluri, V., Huang, W.-K., & Bertino, E. (1997). An execution model for multilevel secure workflows. In Proceedings of the IFIP 11.3 Workshop on Database Security."},{"key":"8677_CR2","doi-asserted-by":"crossref","unstructured":"Bardohl, R., Taentzer, G., Minas, M., & Sch\u00fcrr, A. (1999). Application of graph transformation to visual languages. In Handbook on Graph Grammars and Computing by Graph Transformation, Volume 2: Applications, Languages and Tools, Chapter 1. World Scientific.","DOI":"10.1142\/9789812815149_0003"},{"key":"8677_CR3","volume-title":"Designing Information Systems Security","author":"R. Baskerville","year":"1988","unstructured":"Baskerville, R. (1988). Designing Information Systems Security. 
Chichester: Wiley & Sons."},{"issue":"4","key":"8677_CR4","doi-asserted-by":"crossref","first-page":"375","DOI":"10.1145\/162124.162127","volume":"25","author":"R. Baskerville","year":"1993","unstructured":"Baskerville, R. (1993). Information systems design methods : Implications for information systems development. ACM Computing Surveys, 25(4), 375\u2013414.","journal-title":"ACM Computing Surveys"},{"key":"8677_CR5","doi-asserted-by":"crossref","unstructured":"Bertino, E., Ferrari, E., & Atluri, V. (1997). A flexible model supporting the specification and enforcement of role-based authorizations in workflow management systems. In Proceedings of the 2nd ACM Workshop on Role-Based Access Control.","DOI":"10.1145\/266741.266746"},{"key":"8677_CR6","unstructured":"Booch, G., Rumbaugh, J., & Jacobson, I. (1999). The unified modeling language user guide. Addison-Wesley Longman."},{"key":"8677_CR7","volume-title":"Security: Checklist for computer center self-audits","author":"P. Browne","year":"1979","unstructured":"Browne, P. (1979). Security: Checklist for computer center self-audits. Arlington: AFIPS Press."},{"issue":"2","key":"8677_CR8","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/0167-4048(87)90085-X","volume":"6","author":"T. Bui","year":"1987","unstructured":"Bui, T., & Sivasankaran, T. (1987). Cost-Effectiveness Modeling for a Decision Support System in Computer Security. Computer Security, 6(2), 139\u2013151.","journal-title":"Computer Security"},{"key":"8677_CR9","unstructured":"Bu\u00dfler, C. (1995). Access control in workflow management systems. In Proceedings of the IT Security\u201994 Conference (pp. 165\u2013179), Oldenbourg-Verlag Munich."},{"key":"8677_CR10","first-page":"293","volume-title":"Computer Security A Global Challenge","author":"J. Carroll","year":"1984","unstructured":"Carroll, J., & Maclver, W. (1984). Towards an expert system for computer facility certification. In Computer Security A Global Challenge, (pp. 
293\u2013306). Amsterdam: North-Holland"},{"key":"8677_CR11","unstructured":"CCTA. (1991). SSADM-CRAMM, Subject guide for SSADM version 3 and CRAMM version 2. London: CCTA."},{"key":"8677_CR12","unstructured":"Chisnall, W. R. (1997). Applying risk analysis methods to university systems. In Proceedings of the EUNIS 97 Congress, Grenoble."},{"key":"8677_CR13","unstructured":"Clarke, R. (1999). Identified, anonymous and pseudonymous transactions : The spectrum of choice. In IFIP WG 8.5\/9.6 Working Conference on User Identification & Privacy Protection, Stockholm."},{"key":"8677_CR14","unstructured":"Computer Security Consultants, Ridgefield. (1988). Using decision analysis to estimate computer security risk."},{"key":"8677_CR15","unstructured":"Courtney, R. (1977). Security risk assessment in electronic data processing. In AFIPS Conference Proceedings of the National Computer Conference 46 (pp. 97\u2013104). Arlington:AFIPS."},{"issue":"9","key":"8677_CR16","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1145\/130994.130998","volume":"35","author":"B. Curtis","year":"1992","unstructured":"Curtis, B., Kellner, M.I., & Over, J. (1992). Process modeling. Communications of the ACM, 35(9), 75\u201390.","journal-title":"Communications of the ACM"},{"key":"8677_CR17","unstructured":"Data Interchange Standards Association. (2001). X12 Standard, release 4050 edition, December."},{"key":"8677_CR18","unstructured":"Demuth, T., & Rieke, A. (2003). Bilateral anonymity and prevention of abusing logged web addresses. In 2000 Military Communications International Symposium, Los Angeles."},{"key":"8677_CR19","unstructured":"Finne, T. (1996). Computer support for information security analysis in a small business environment. In Jan. H.P. Eloff, (Ed.), Proceedings of the IFIP TC11 WG 11.2 on small systems security, (pp. 73\u201388), Samos."},{"key":"8677_CR20","volume-title":"Information Systems Security","author":"R. Fisher","year":"1984","unstructured":"Fisher, R. (1984). 
Information Systems Security. Englewood Cliffs: Prentice-Hall."},{"issue":"4","key":"8677_CR21","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1016\/S0167-9236(98)00057-8","volume":"23","author":"B. Gavish","year":"1998","unstructured":"Gavish, B., & Gerdes, J. (1998). Anonymous mechanisms in group decision support systems communication. Decision Support Systems, 23(4), 297\u2013328.","journal-title":"Decision Support Systems"},{"issue":"6","key":"8677_CR22","doi-asserted-by":"crossref","first-page":"493","DOI":"10.1016\/0167-4048(87)90030-7","volume":"6","author":"S. Guarro","year":"1987","unstructured":"Guarro, S. (1987). Principles and Procedures of the LRAM Approach to Information Systems Risk Analysis and Management. Computer Security, 6(6), 493\u2013504.","journal-title":"Computer Security"},{"key":"8677_CR23","unstructured":"Herrmann, G. (2002) Verl\u00e4\u00dflichkeit von Gesch\u00e4ftsprozessen\u2014Konzeptionelle Modellbildung und Realisierungsrahmen. Logos Verlag, Published Version of Doctoral Thesis. In German."},{"key":"8677_CR24","doi-asserted-by":"crossref","unstructured":"Herrmann, G., & Pernul, G. (1998). Towards security semantics in workflow management. In Proceedings of the 31st Annual Hawaii International Conference on System Sciences (HICSS-31). IEEE Computer Society Press.","DOI":"10.1109\/HICSS.1998.649280"},{"issue":"3","key":"8677_CR25","doi-asserted-by":"crossref","first-page":"89","DOI":"10.1080\/10864415.1999.11518343","volume":"3","author":"G. Herrmann","year":"1999","unstructured":"Herrmann, G., & Pernul, G. (1999). Viewing business process security from different perspectives. International Journal of Electronic Commerce, 3(3), 89\u2013103.","journal-title":"International Journal of Electronic Commerce"},{"key":"8677_CR26","doi-asserted-by":"crossref","unstructured":"Herrmann, P. (2001). Information flow analysis of component-structured applications. 
In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC\u20192001) (pp. 45\u201354). New Orleans: ACM SIGSAC, IEEE Computer Society Press.","DOI":"10.1109\/ACSAC.2001.991520"},{"key":"8677_CR27","unstructured":"Herrmann, P., & Krumm, H. (2001). Object-oriented security analysis and modeling. In Proceedings of the 9th International Conference on Telecommunication Systems\u2014Modelling and Analysis (pp. 21\u201332). Dallas: ATSMA, IFIP."},{"key":"8677_CR28","unstructured":"Herrmann, P., Wiebusch, L., & Krumm, H. (2001). Tool-assisted security assessment of distributed applications. In Proceedings of the 3rd IFIP WG 6.1 International Working Conference on Distributed Applications and Interoperable Systems (DAIS 2001) (pp. 289\u2013294). Krakow: Kluwer."},{"key":"8677_CR29","unstructured":"Hoffman, L., Michelman, E., & Clements, D. (1978). SECURATE\u2014Security evaluation and analysis using fuzzy metrics. In AFIPS Conference Proceedings of the National Computer Conference 47 (pp. 531\u2013540). Arlington. AFIPS."},{"key":"8677_CR30","unstructured":"Holbein, R., Teufel, S., & Bauknecht, K. (1996). The use of business process models for security design in organizations. In S. Katsikas & D. Gritzalis (Eds.). Proceedings of the IFIP TC11 conference on information systems security (pp. 13\u201322). London: Chapman & Hall."},{"key":"8677_CR31","volume-title":"Computer security handbook","author":"D. Hoyt","year":"1973","unstructured":"Hoyt, D. (1973). Computer security handbook. New York: Macmillan."},{"key":"8677_CR32","unstructured":"Hudoklin, A., & Stadler, A. (1997). Security and Privacy of Electronic Commerce. In Proceedings of the 10th International Bled Electronic Commerce Conference (pp. 523\u2013535). Moderna Organizacija."},{"key":"8677_CR33","doi-asserted-by":"crossref","unstructured":"Hung, P.C.K., & Karlapalem, K. (1997). A Paradigm for Security Enforcement in CapBasED-AMS. 
In Proceedings of the 2nd IFCIS International Conference on Cooperative Information Systems (CoopIS\u201997) (pp. 79\u201388).","DOI":"10.1109\/COOPIS.1997.613805"},{"key":"8677_CR34","unstructured":"ISO\/IEC. (1998). Common criteria for information technology security evaluation. International Standard ISO\/IEC 15408."},{"key":"8677_CR35","doi-asserted-by":"crossref","unstructured":"Kienzle, D.M., & Wulf, W.A. (1997). A Practical Approach to Security Assessment. In Proceedings of the Workshop New Security Paradigms \u201997 (pp. 5\u201316). Lake District.","DOI":"10.1145\/283699.283731"},{"key":"8677_CR36","volume-title":"SAFE: Security audit and field evaluation for computer facilities and information systems","author":"L. Krauss","year":"1972","unstructured":"Krauss, L. (1972). SAFE: Security audit and field evaluation for computer facilities and information systems. New York: Amacon."},{"issue":"8","key":"8677_CR37","doi-asserted-by":"crossref","first-page":"695","DOI":"10.1016\/S0167-4048(97)89722-2","volume":"15","author":"L.F. Kwok","year":"1996","unstructured":"Kwok, L.F., & Longley, D. (1996). A security officer\u2019s workbench. Computers & Security, 15(8), 695\u2013705.","journal-title":"Computers & Security"},{"key":"8677_CR38","unstructured":"Lacoste, G. (1995). SEMPER: A Security Framework for the Global Electronic Marketplace. SEMPER document 431LG042\/Draft\/25 August 1997\/public."},{"key":"8677_CR39","unstructured":"Leiwo, J., Gamage, C., & Zheng, Y. (1998). Harmonizer\u2014A Tool for Processing Information Security Requirements in Organization. In Proceedings of the 3rd Nordic Workshop on Secure Computer Systems (NORDSEC\u201998), Trondheim."},{"key":"8677_CR40","doi-asserted-by":"crossref","unstructured":"Lund, M. S., den Braber, F., & St\u00f8len, K. (2003). Maintaining Results from Security Assessments. In Proceedings of the 7th European Conference on Software Maintenance and Reengineering (CSMR\u20192003) (pp. 341\u2013350). 
IEEE Computer Society Press.","DOI":"10.1109\/CSMR.2003.1192442"},{"key":"8677_CR41","unstructured":"OBI Consortium. (1999). OBI Technical Specifications\u2014Open Buying on the Internet, draft release v2.1 edition."},{"issue":"4","key":"8677_CR42","first-page":"229","volume":"11","author":"W. Ozier","year":"1989","unstructured":"Ozier, W. (1989). Risk Quantification Problems and Bayesian Decision Support System Solutions. Information Age, 11(4), 229\u2013234.","journal-title":"Information Age"},{"key":"8677_CR43","unstructured":"Parker, D. (1981). Computer security management, Reston."},{"key":"8677_CR44","first-page":"85","volume-title":"Multilateral security in communications, vol. 3: Technology, Infrastructure, Economy","author":"A. Pfitzmann","year":"1999","unstructured":"Pfitzmann, A. (1999). Technologies for Multilateral Security. In G. M\u00fcller, & K. Rannenberg, (Eds.), Multilateral security in communications, vol. 3: Technology, Infrastructure, Economy (pp. 85\u201391). Munich: Addison-Wesley."},{"key":"8677_CR45","doi-asserted-by":"crossref","unstructured":"Pfitzmann, A. & K\u00f6hntopp, M. (2001). Anonymity, Unobservability, and Pseudonymity\u2014A Proposal for Terminology. In H. Federrath, (Ed.), Anonymity 2000, LNCS 2009, pages 1\u20139.","DOI":"10.1007\/3-540-44702-4_1"},{"key":"8677_CR46","doi-asserted-by":"crossref","unstructured":"Pfitzmann, A., Pfitzmann, B., & Waidner, M. (1991). ISDN-MIXes: Untraceable Communication with Small Bandwidth Overhead. In Kommunikation in Verteilten Systemen (KIVS\u201991), pages 451\u2013463.","DOI":"10.1007\/978-3-642-76462-2_32"},{"key":"8677_CR47","unstructured":"Quatrani, T. (2000). Visual Modeling with Rational Rose 2000 and UML. Addison-Wesley, 2 edition."},{"key":"8677_CR48","unstructured":"Roessler, T. (1999). Anonymization in data networks\u2014extensive overview of anonymization services on the internet. In D. Fox, & H. Reimer, (Eds.), Datenschutz und Datensicherheit 1999. 
Vieweg."},{"key":"8677_CR49","doi-asserted-by":"crossref","unstructured":"R\u00f6hm, A., Herrmann, G., & Pernul, G. (1999). A Language for Modelling Secure Business Transactions. In Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC\u201999), (pp. 22\u201331). IEEE Computer Society Press.","DOI":"10.1109\/CSAC.1999.816010"},{"issue":"4","key":"8677_CR50","doi-asserted-by":"crossref","first-page":"343","DOI":"10.1016\/S0167-9236(00)00082-8","volume":"29","author":"A. R\u00f6hm","year":"2000","unstructured":"R\u00f6hm, A. & Pernul, G. (2000). COPS: A Model and Infrastructure for Secure and Fair Electronic Markets. Decision Support Systems Journal, 29(4), 343\u2013355.","journal-title":"Decision Support Systems Journal"},{"key":"8677_CR51","doi-asserted-by":"crossref","unstructured":"R\u00f6hm, A., Pernul, G., & Herrmann, G. (1998). Modelling Secure and Fair Electronic Commerce. In Proceedings of the 14th Annual Computer Security Application Conference (ACSAC\u201998), (pp. 155\u2013164). IEEE Computer Society Press.","DOI":"10.1109\/CSAC.1998.738608"},{"key":"8677_CR52","unstructured":"Rubert, M. (1999). Anonymitat als Sicherheitsmerkmal von Gesch\u00e4ftsprozessen. Diploma thesis, Department of Business Administration, University of Essen. In German."},{"key":"8677_CR53","doi-asserted-by":"crossref","unstructured":"Shen, H., & Dewan, P. (1992). Access Control for Collaborative Environments. In Proceedings of the CSCW\u201992 Conference. ACM Press, New York.","DOI":"10.1145\/143457.143461"},{"key":"8677_CR54","unstructured":"Smith, S. & Lim, J. (1984). An Automated Method for Assessing the Effectiveness of Computer Security Safeguards. In Computer Security A Global Challenge, pages 321\u2013328. North-Holland, Amsterdam."},{"key":"8677_CR55","unstructured":"Starke, G. (1994). Business Models and their Description. In G. Chroust & A. 
Benczur (Eds.), Workflow Management: Challenges, Paradigms, and Products (CON\u201994), of Schriftenreihe der \u00f6sterreichischen Computer Gesellschaft, vol. 76, pages 134\u2013147. Oldenbourg-Verlag Wien."},{"key":"8677_CR56","doi-asserted-by":"crossref","unstructured":"Syverson, P. F., Reed, M. G., & Goldschlag, D. M. (2000). Onion Routing Access Configurations. In DISCEX 2000: Proceedings of the DARPA Information Survivability Conference and Exposition, vol. 1, pages 34\u201340, Hilton Head, SC. IEEE Computer Society Press.","DOI":"10.21236\/ADA465234"},{"key":"8677_CR57","doi-asserted-by":"crossref","unstructured":"Thoben, W. (2000). Wissensbasierte Bedrohungs-und Risikoanalyse Workflow-basierter Anwendungssysteme. Reihe Wirtschaftsinformatik. B.G. Teubner-Verlag, Stuttgart. Published Version of Doctoral Thesis. In German.","DOI":"10.1007\/978-3-663-05903-5"},{"key":"8677_CR58","unstructured":"Thomas, R. & Sandhu, R. (1997). Task-Based Authorization Controls (TBAC): A Family of Models for Active and Enterprise-Oriented Authorization Management. In Proceedings of the IFIP WG11.3 Workshop on Database Security. London: Chapman & Hall."},{"key":"8677_CR59","unstructured":"Tigris. (2000). ArgoUML Vision. argouml.tigris.org\/vision.html."},{"issue":"2","key":"8677_CR60","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1016\/0167-4048(90)90089-C","volume":"9","author":"M. Zviran","year":"1990","unstructured":"Zviran, M., Hoge, J., & Micucci, V. (1990). SPAN\u2014a DSS for Security Plan Analysis. 
Computer Security, 9(2), 153\u2013160.","journal-title":"Computer Security"}],"container-title":["Electronic Commerce Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10660-006-8677-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10660-006-8677-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10660-006-8677-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,30]],"date-time":"2019-05-30T20:49:52Z","timestamp":1559249392000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10660-006-8677-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,10]]},"references-count":60,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2006,10]]}},"alternative-id":["8677"],"URL":"https:\/\/doi.org\/10.1007\/s10660-006-8677-7","relation":{},"ISSN":["1389-5753","1572-9362"],"issn-type":[{"value":"1389-5753","type":"print"},{"value":"1572-9362","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006,10]]}}}