On the Prevention of Fraud and Privacy Exposure in Process Information Flow
- 1 August 2012
- journal article
- Published by Institute for Operations Research and the Management Sciences (INFORMS) in INFORMS Journal on Computing
- Vol. 24 (3), 416-432
- https://doi.org/10.1287/ijoc.1110.0461
Abstract
Our work addresses internal information breaches that emanate from organizational workflows. Information breaches are particularly piquant in organizational workflows, as the underlying tasks constitute natural points where private information on individuals is accessed to execute the workflows. Our work builds on and extends the widely used role-based access controls by considering processwide security considerations to both optimize the efficiency of workflow staffing and minimize data exposure in complex workflows. We employ a Jackson queueing network modeling framework, which allows both predictable and stochastic variability as well as varied employee skill sets. This framework enables the modeling of internal security threats that emanate from cross-task and cross-personnel assignments and the development of optimal staffing strategies that meet security requirements at minimum operational costs. Our detailed implementation analysis reveals that the model developed is not demanding in terms of required parameters and that the proposed approach is practical and adaptable to evolving business, regulatory, and workforce conditions. Our model is applicable to any digital transformation that involves confidential data sequences that carry security vulnerability, as is often the case in many settings such as health care, online banking, electronic payment systems, and interorganizational data interchange.Keywords
This publication has 33 references indexed in Scilit:
- Specification, planning, and execution of QoS-aware Grid workflows within the Amadeus environmentConcurrency and Computation: Practice and Experience, 2007
- DW-RBAC: A formal security model of delegation and revocation in workflow systemsInformation Systems, 2007
- A Taxonomy of Workflow Management Systems for Grid ComputingJournal of Grid Computing, 2005
- Collaborative business and data privacy: Toward a cyber-control?Computers in Industry, 2005
- Access control in collaborative systemsACM Computing Surveys, 2005
- Privacy versus willingness to disclose in e-commerce exchanges: The effect of risk awareness on the relative role of trust and controlJournal of Economic Psychology, 2004
- TRBACACM Transactions on Information and System Security, 2001
- Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical InvestigationOrganization Science, 1999
- The specification and enforcement of authorization constraints in workflow management systemsACM Transactions on Information and System Security, 1999
- Computational issues in secure interoperationIEEE Transactions on Software Engineering, 1996