A Method for Eliciting Security Requirements From the Business Process Models
In recent years, the business process modeling is matured towards expressing enterprise's organizational behavior (i.e., business values and stakeholder interests). This shows potential to perform early security analysis to capture enterprise security needs. Traditionally, security in business processes is addressed either by representing security concepts graphically or by enforcing these security constraints. However, these approaches miss the elicitation of security needs and their translation to security requirements for system-to-be. This paper proposes a method to elicit security objectives from business process models and translate them to security requirements.