Simon Tjoa

E-Mail
Phone: +43 (1) 505 36 88
Fax: +43 (1) 505 88 88

Bio

Simon Tjoa is a project member of Secure Business Austria. His research focuses mainly on concepts of Risk Management, IT-Security, Secure Business Processes and Software Design, on which he specialized during his studies on the Vienna University and Vienna University of Technology. After graduating with a Master’s degree in Business Informatics, Simon is currently working on his PhD within the domain of Business Informatics. In the year 2003 he founded the company CASIXX which focuses on Software Development.

Publications

Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler, "Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach," in 2010 International Conference on Availability, Reliability and Security, 2010, pp. 268-274. BibTeX | PDF

@INPROCEEDINGS{Tjoa_Planning_Dynamic_Activity_and__2010, Author = {Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler}, title = {Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach}, booktitle = {2010 International Conference on Availability, Reliability and Security}, year = {2010}, month = {2}, pdf = {Tjoa_ARES2010_dynamic.pdf}, pages = {268-274}, }
Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler, "Risk-Aware Business Process Management: Establishing the Link Between Business and Security," in Complex Intelligent Systems and Their Applications, 2010, pp. 109-135. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_CISTA_2010, Author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler}, title = {Risk-Aware Business Process Management: Establishing the Link Between Business and Security}, booktitle = {Complex Intelligent Systems and Their Applications}, year = {2010}, month = {1}, pdf = {Jakoubi_CISTA_2010.pdf}, volume = {41}, pages = {109-135}, publisher = {Springer New York}, }
Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr, "A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation," IEEE Transactions on Services Computing, 2010. BibTeX | PDF

@ARTICLE{Tjoa2010a, Author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr}, title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation}, journal = {IEEE Transactions on Services Computing}, year = {2010}, month = {4}, pdf = {Tjoa_TSC2010.pdf}, }
Markus Huber and Simon Tjoa and Stewart Kowalski and Marcus Nohlberg, "Towards Automating Social Engineering Using Social Networking Sites," in Computational Science and Engineering, IEEE International Conference on, 2009, pp. 117-124. BibTeX | PDF

@INPROCEEDINGS{Huber_TowardsAutomatingSocial_2009, Author = {Markus Huber and Simon Tjoa and Stewart Kowalski and Marcus Nohlberg}, title = {Towards Automating Social Engineering Using Social Networking Sites}, booktitle = {Computational Science and Engineering, IEEE International Conference on}, year = {2009}, month = {1}, pdf = {2009 - Huber - Towards Automating Social Engineering Using Social Networking Sites.pdf}, volume = {3}, pages = {117-124}, publisher = {IEEE Computer Society}, }
Simon Tjoa and Thomas Neubauer and Stefan Jakoubi, "A Roadmap to Risk-Aware Business Process Management," in APSCC, 2009. BibTeX

@INPROCEEDINGS{Jakoubi_RoadmaptoRiskAware_2009, Author = {Simon Tjoa and Thomas Neubauer and Stefan Jakoubi}, title = {A Roadmap to Risk-Aware Business Process Management}, booktitle = {APSCC}, year = {2009}, month = {1}, }
Simon Tjoa and Stefan Jakoubi, "A Reference Model for Risk-Aware Business Process Management," in International Conference on Risks and Security of Internet and Systems, 2009. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_ReferenceModelRiskAware_2009, Author = {Simon Tjoa and Stefan Jakoubi}, title = {A Reference Model for Risk-Aware Business Process Management}, booktitle = {International Conference on Risks and Security of Internet and Systems}, year = {2009}, month = {1}, pdf = {Jakoubi_ReferenceModelRiskAware_2009 (2).pdf}, publisher = {IEEE}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management," in International Workshop on Database and Expert Systems Applications, 2009, pp. 127-132. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_SurveyofScientific_2009, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management}, booktitle = {International Workshop on Database and Expert Systems Applications}, year = {2009}, month = {1}, pdf = {Jakoubi_SurveyofScientific_2009.pdf}, pages = {127-132}, publisher = {IEEE Computer Society}, }
Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser, "A Process Model for RFID based Business Process Analysis," in APSCC, 2009. BibTeX

@INPROCEEDINGS{Neubauer_ProcessModelRFID_2009, Author = {Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser}, title = {A Process Model for RFID based Business Process Analysis}, booktitle = {APSCC}, year = {2009}, month = {1}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation," in Proceedings of the 16th European Conference on Information Systems (ECIS), 2008. BibTeX

@INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation}, booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)}, year = {2008}, month = {1}, abstract = {Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.}, }
Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck, "Integration of an Ontological Information Security Concept in Risk Aware Business Process Management," in Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008, 2008, pp. 377-385. BibTeX | PDF

@INPROCEEDINGS{Goluch_IntegrationofOntological_2008, Author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck}, sbahotlist = {true}, title = {Integration of an Ontological Information Security Concept in Risk Aware Business Process Management}, booktitle = {Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008}, year = {2008}, month = {1}, pdf = {2008 - Goluch - Integration of an Ontological Information Security Concept in Risk-Aware Business Process Management.pdf}, pages = {377-385}, publisher = {IEEE Computer Society}, note = {978-0-7695-3075-8}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes," in Proceedings of the 15th European Conference on Information Systems (ECIS 2007), 2007. BibTeX

@INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes}, booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a companys business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination are the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.}, }

View all publications

Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler, "A Formal Approach Towards Risk-Aware Service Level Analysis and Planning," in 2010 International Conference on Availability, Reliability and Security, 2010, pp. 180-187. BibTeX

@INPROCEEDINGS{Tjoa_A_Formal_Approach_Towards_Risk_2010, Author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler}, title = {A Formal Approach Towards Risk-Aware Service Level Analysis and Planning}, booktitle = {2010 International Conference on Availability, Reliability and Security}, year = {2010}, month = {2}, pages = {180-187}, }
Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler, "Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach," in 2010 International Conference on Availability, Reliability and Security, 2010, pp. 268-274. BibTeX | PDF

@INPROCEEDINGS{Tjoa_Planning_Dynamic_Activity_and__2010, Author = {Simon Tjoa and Stefan Jakoubi and Sigrun Goluch and Gerhard Kitzler}, title = {Planning Dynamic Activity and Resource Allocations Using a Risk-Aware Business Process Management Approach}, booktitle = {2010 International Conference on Availability, Reliability and Security}, year = {2010}, month = {2}, pdf = {Tjoa_ARES2010_dynamic.pdf}, pages = {268-274}, }
Gerhard Kitzler and Sigrun Goluch and Simon Tjoa and Stefan Jakoubi, "A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation," IEEE Transactions on Services Computing, vol. PP, iss. PrePrints, p. 1, 2010. BibTeX

@ARTICLE{Tjoa_A_Formal_Approach_Enabling_Ris_2010, Author = {Gerhard Kitzler and Sigrun Goluch and Simon Tjoa and Stefan Jakoubi}, title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation}, journal = {IEEE Transactions on Services Computing}, year = {2010}, month = {5}, volume = {PP}, number = {PrePrints}, pages = {1}, }
Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler, "Risk-Aware Business Process Management :Establishing the Link Between Business and Security." Springer New York, 2010, vol. 41, pp. 109-135. BibTeX

@INBOOK{Jakoubi_Risk_Aware_Business_Process_Ma_2010, Author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler}, title = {Risk-Aware Business Process Management :Establishing the Link Between Business and Security}, booktitle = {Complex Intelligent Systems and Their Applications}, year = {2010}, month = {8}, volume = {41}, pages = {109-135}, publisher = {Springer New York}, note = {Book}, }
Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr, "A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation," IEEE Transactions on Services Computing, 2010. BibTeX | PDF

@ARTICLE{Tjoa2010a, Author = {Simon Tjoa and Stefan Jakoubi and Gernot Goluch and Gerhard Kitzler and Sigrun Goluch and Gerald Quirchmayr}, title = {A Formal Approach Enabling Risk-aware Business Process Modeling and Simulation}, journal = {IEEE Transactions on Services Computing}, year = {2010}, month = {4}, pdf = {Tjoa_TSC2010.pdf}, }
Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler, "Risk-Aware Business Process Management: Establishing the Link Between Business and Security," in Complex Intelligent Systems and Their Applications, 2010, pp. 109-135. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_CISTA_2010, Author = {Stefan Jakoubi and Simon Tjoa and Sigrun Goluch and Gerhard Kitzler}, title = {Risk-Aware Business Process Management: Establishing the Link Between Business and Security}, booktitle = {Complex Intelligent Systems and Their Applications}, year = {2010}, month = {1}, pdf = {Jakoubi_CISTA_2010.pdf}, volume = {41}, pages = {109-135}, publisher = {Springer New York}, }
Markus Huber and Simon Tjoa and Stewart Kowalski and Marcus Nohlberg, "Towards Automating Social Engineering Using Social Networking Sites," in Computational Science and Engineering, IEEE International Conference on, 2009, pp. 117-124. BibTeX | PDF

@INPROCEEDINGS{Huber_TowardsAutomatingSocial_2009, Author = {Markus Huber and Simon Tjoa and Stewart Kowalski and Marcus Nohlberg}, title = {Towards Automating Social Engineering Using Social Networking Sites}, booktitle = {Computational Science and Engineering, IEEE International Conference on}, year = {2009}, month = {1}, pdf = {2009 - Huber - Towards Automating Social Engineering Using Social Networking Sites.pdf}, volume = {3}, pages = {117-124}, publisher = {IEEE Computer Society}, }
Simon Tjoa and Thomas Neubauer and Stefan Jakoubi, "A Roadmap to Risk-Aware Business Process Management," in APSCC, 2009. BibTeX

@INPROCEEDINGS{Jakoubi_RoadmaptoRiskAware_2009, Author = {Simon Tjoa and Thomas Neubauer and Stefan Jakoubi}, title = {A Roadmap to Risk-Aware Business Process Management}, booktitle = {APSCC}, year = {2009}, month = {1}, }
Simon Tjoa and Stefan Jakoubi, "A Reference Model for Risk-Aware Business Process Management," in International Conference on Risks and Security of Internet and Systems, 2009. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_ReferenceModelRiskAware_2009, Author = {Simon Tjoa and Stefan Jakoubi}, title = {A Reference Model for Risk-Aware Business Process Management}, booktitle = {International Conference on Risks and Security of Internet and Systems}, year = {2009}, month = {1}, pdf = {Jakoubi_ReferenceModelRiskAware_2009 (2).pdf}, publisher = {IEEE}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management," in International Workshop on Database and Expert Systems Applications, 2009, pp. 127-132. BibTeX | PDF

@INPROCEEDINGS{Jakoubi_SurveyofScientific_2009, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {A Survey of Scientific Approaches Considering the Integration of Security and Risk Aspects into Business Process Management}, booktitle = {International Workshop on Database and Expert Systems Applications}, year = {2009}, month = {1}, pdf = {Jakoubi_SurveyofScientific_2009.pdf}, pages = {127-132}, publisher = {IEEE Computer Society}, }
Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser, "A Process Model for RFID based Business Process Analysis," in APSCC, 2009. BibTeX

@INPROCEEDINGS{Neubauer_ProcessModelRFID_2009, Author = {Gernot Goluch and Simon Tjoa and Thomas Neubauer and Stefan Jakoubi and Martin Wisser}, title = {A Process Model for RFID based Business Process Analysis}, booktitle = {APSCC}, year = {2009}, month = {1}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support," in The 22st International Conference on Advanced Information Networking and Applications, 2008. BibTeX

@INPROCEEDINGS{Tjoa_ExtensionofMethodology_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, title = {Extension of a Methodology for Risk-Aware Business Process Modeling and Simulation Enabling Process-Oriented Incident Handling Support}, booktitle = {The 22st International Conference on Advanced Information Networking and Applications}, year = {2008}, month = {1}, abstract = {Increasingly, companies face the challenges to perform their business processes effectively as well as efficiently and to simultaneously assure the continuity of these processes. As the majority of companies rely on IT, it is essential to establish effective incident handling. In this paper, we introduce new extensions of the risk-aware business process management framework ROPE (Risk- Oriented Process Evaluation) in order to support the improvement of the management and execution of business processes. We further discuss the advantages of those extensions and how they can support the implementation of standards and best-practices such as the NIST SP800-61 (Computer Security Incident Handling Guide).}, publisher = {IEEE Society}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enhancing Business Impact Analysis and Risk Assessment applying a Risk-Aware Business Process Modeling and Simulation Methodology," in Proceedings of the 3rd International Conference on Availability, Reliability and Security, 2008. BibTeX

@INPROCEEDINGS{Tjoa_EnhancingBusinessImpact_2008, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enhancing {B}usiness {I}mpact {A}nalysis and {R}isk {A}ssessment applying a {R}isk-{A}ware {B}usiness {P}rocess {M}odeling and {S}imulation {M}ethodology}, booktitle = {Proceedings of the 3rd {I}nternational {C}onference on {A}vailability, {R}eliability and {S}ecurity}, year = {2008}, month = {1}, abstract = {Driven by the steadily growing number of natural disasters, the threat of terrorist and other criminal attacks as well as changed legislation and regulations, companies are increasingly forced to prepare against threats that endanger the survivability of crucial business activities. As a consequence, management has to pay more attention to business continuity issues including serious management commitment and more appropriate funding. Business impact analysis and risk assessment concepts enable adequate business continuity planning as they deliver essential information about the impact of resources' disruption on business. In this paper we present how these concepts can be enhanced through the application of the ROPE (Risk-Oriented Process Evaluation) methodology enabling risk-aware business process management and simulation. Moreover, we present essential extensions of the ROPE simulation capabilities leading to a more efficient and effective business continuity planning.}, }
Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck, "Integration of an Ontological Information Security Concept in Risk Aware Business Process Management," in Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008, 2008, pp. 377-385. BibTeX | PDF

@INPROCEEDINGS{Goluch_IntegrationofOntological_2008, Author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Thomas Mueck}, sbahotlist = {true}, title = {Integration of an Ontological Information Security Concept in Risk Aware Business Process Management}, booktitle = {Proceedings of the 41st Hawaii International Conference on System Sciences, HICSS2008}, year = {2008}, month = {1}, pdf = {2008 - Goluch - Integration of an Ontological Information Security Concept in Risk-Aware Business Process Management.pdf}, pages = {377-385}, publisher = {IEEE Computer Society}, note = {978-0-7695-3075-8}, }
Edgar R. Weippl and Simon Tjoa and Stefan Jakoubi, ARES Conference Proceedings, IEEE, 2008. BibTeX

@BOOK{Tjoa_ARESConferenceProceedings_2008, Author = {{Edgar R.} Weippl and Simon Tjoa and Stefan Jakoubi}, title = {ARES Conference Proceedings}, year = {2008}, month = {1}, publisher = {IEEE}, }
Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi, "Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation," in Proceedings of the 16th European Conference on Information Systems (ECIS), 2008. BibTeX

@INPROCEEDINGS{Jakoubi_DerivingResourceRequirements_2008, Author = {Gerald Quirchmayr and Gernot Goluch and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {Deriving Resource Requirements Applying Risk-Aware Business Process Modeling and Simulation}, booktitle = {Proceedings of the 16th European Conference on Information Systems (ECIS)}, year = {2008}, month = {1}, abstract = {Today, companies face the challenge to effectively and efficiently perform their business processes as well as to guarantee their continuous operation. To meet the economic requirements, companies often consult business process management experts. The robustness and continuity of operations is separately considered in other domains such as business continuity management and risk management. The shortcoming of this separation is that in most cases a common reasoning and information basis is missing. With the risk-aware process modeling and simulation methodology named ROPE we fill this gap and combine the strengths of the aforementioned domains. In this paper, we present new ROPE simulation capabilities focusing on the determination of resource requirements considering the impact of occurring threats on business processes. Furthermore, we introduce an example scenario to clarify how a company can benefit from applying these extensions.}, }
Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Bernhard Riedl, "CASSIS – Computer-based Academy for Security and Safety in Information Systems," in Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007, 2007, pp. 730-740. BibTeX | PDF

@INPROCEEDINGS{Goluch_CASSISComputerbased_2007, Author = {Stefan Fenz and Andreas Ekelhart and Gernot Goluch and Simon Tjoa and Stefan Jakoubi and Bernhard Riedl}, title = {CASSIS - Computer-based Academy for Security and Safety in Information Systems}, booktitle = {Proceedings of the 2nd Conference on Availability, Reliability and Security, ARES2007}, year = {2007}, month = {4}, abstract = {Information technologies and society are highly interwoven nowadays, but in both, the private and business sector, users are often not aware of security issues or lack proper security skills. The branch of information technology security is growing constantly but attacks against the vocational sector as well as the personal sector still cause great losses each day. Considering that the end-user is the weakest link of the security chain we aim to raise awareness, regarding IT security, and train and educate IT security skills by establishing a European-wide initiative and framework.}, pdf = {2007 - Goluch - CASSIS.pdf}, pages = {730-740}, publisher = {IEEE Computer Society}, note = {978-0-7695-2775-8}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes," in Proceedings of the 15th European Conference on Information Systems (ECIS 2007), 2007. BibTeX

@INPROCEEDINGS{Jakoubi_ROPEMethodologyEnabling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, sbahotlist = {true}, title = {ROPE: A Methodology for Enabling the Risk-Aware Modeling and Simulation of Business Processes}, booktitle = {Proceedings of the 15th European Conference on Information Systems (ECIS 2007)}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a companys business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management designs robust business processes to strengthen the resilience of daily business. Both domains try to improve business, but both approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method that unites both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination are the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats as well as security, counter and recovery measures. In this paper we demonstrate how to enable risk-aware business process management and simulation through the application of the ROPE methodology.}, }
Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi, "Enabling the Risk-Aware Modeling and Simulation of Business Processes," JISSec – Journal of Information System Security, 2007. BibTeX

@ARTICLE{Jakoubi_EnablingRiskAwareModeling_2007, Author = {Gerald Quirchmayr and Simon Tjoa and Stefan Jakoubi}, title = {Enabling the Risk-Aware Modeling and Simulation of Business Processes}, journal = {JISSec - Journal of Information System Security}, year = {2007}, month = {1}, abstract = {Risk management is essential regarding the maintenance of a company's business processes. The ability of companies to prevent risks as well as to respond quickly and appropriately to emerging threats is increasingly becoming a crucial success factor. In order to cope with these challenges, companies constitute business process and risk management approaches. Traditional business process management focuses on the economical optimization of processes. Apart from that, risk management provides the design of robust business processes to strengthen the resilience of daily business. Both domains aim at improving business performance, but they approach this goal from a different view on the understanding of improvement. Due to the fact that optimizing recommendations of business process management and risk management may be contradictory, we propose one unified method which integrates both points of views to enable risk-aware business process management and optimization. In this paper, we introduce the ROPE (Risk-Oriented Process Evaluation) methodology which combines capabilities of business process management, risk management and business continuity management to support the holistic evaluation of business processes not only regarding their economic efficiency but also their robustness and security. The basis for this combination is the refinement of business process activities into four atomic elements (Conditions, Actions, Resources and Environments) and a process-oriented way of modeling threats, preventive and reactive counter measures as well as recovery measures. In this paper we demonstrate how risk-aware business process management and simulation can be enabled through the application of the ROPE methodology.}, }