On the Exploitation of Process Mining for Security Audits: The Conformance Checking Case
Process mining is a set of techniques for analyzing business process models and logs. However, the extent to which it can be used for security auditing has not been investigated. Focusing on conformance checking and its support in ProM, this paper reports on a case study in the financial sector that applies this technology to the auditing of relevant security requirements. Although the vast majority of requirements could be verified, the authors note that carrying out the analysis required a large manual effort. Moreover, they identify a class of security requirements that demands process discovery for analysis, and elaborate on ways in which process mining could be extended to better suit security analyses.