Guest lecture Rafael Accorsi: A Posteriori Process Security Control
Processes specify how personal and business data are dealt with in information systems. Traditionally, process control in this context means prevention, i.e. ensure processes’ adherence to security and privacy policies. In contexts where process flexibility and changes happen, preventive approaches become no longer practicable. This talk argues that in order to secure business processes, prevention must be complemented with a posteriori process controls to detect policy violations.